Microsoft is a company where passionate innovators come to collaborate, envision what can be and take their careers further. This is a world of more possibilities, more innovation, more openness, and the sky is the limit thinking in a cloud-enabled world.
Microsoft’s Azure Data engineering team is leading the transformation of analytics in the world of data with products like databases, data integration, big data analytics, messaging & real-time analytics, and business intelligence. The products our portfolio include Microsoft Fabric, Azure SQL DB, Azure Cosmos DB, Azure PostgreSQL, Azure Data Factory, Azure Synapse Analytics, Azure Service Bus, Azure Event Grid, and Power BI. Our mission is to build the data platform for the age of AI, powering a new class of data-first applications and driving a data culture.
Within Azure Data, the databases team builds and maintains Microsoft’s operational Database systems. We store and manage data in a structured way to enable multitude of applications across various industries. We are on a journey to enable developer friendly, mission-critical, AI enabled operational Databases across relational, non-relational and OSS offerings.
The Security and Compliance team within Azure Data databases is on mission to offer the most secure and compliant database services on the planet – from on-premises data centers to the cloud. Security, compliance, and data privacy are top concerns for our customers. The Security & Compliance team plays a pivotal role in drawing new businesses to our platform by being “built on trust”.
We are hiring a Senior Security Program Manager with a proven track record in Threat Model reviews and Security Development Lifecycle. You should possess extensive cross-group/function collaboration experience, scoping, and the ability to influence without authority. Knowledge of implementing cloud computing, online services, enterprise software development, engineering and/or operations at scale. Your experience will enable you to learn about Microsoft’s evolving Security Development Lifecycle and maintain critical secure operations leading to compliance certifications. This critical role seeks to ensure our customer’s data entrusted to our services is private, safe, and managed in a compliant manner, meeting even the most stringent federal customer requirements.
We do not just value differences or different perspectives. We seek them out and invite them in so we can tap into the collective power of everyone in the company. As a result, our customers are better served.

REQUIRED/MINIMUM QUALIFICATIONS

• Bachelor’s Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development
• OR equivalent experience.
• 2+ years experience managing cross-functional and/or cross-team projects.
• 3+ years of demonstrated Threat Modeling or Security Development Lifecycle and across multiple security domains e.g. identity, authentication, networking, application security, cryptography.

OTHER REQUIREMENTS

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
• This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

PREFERRED/ADDITIONAL QUALIFICATIONS

• Experience with two or more compliance offerings such as FedRAMP, SOX, ISO 27001, SOC (1, 2, 3 Type II), PCI, HiTRUST, HIPAA.
• Experience in managing security or compliance-related engineering programs that require partnering closely with internal services and security partners.
• 5+ years of demonstrated Threat Modeling or Security Development Lifecycle and across multiple security domains e.g. identity, networking, application security, cryptography.
• Ability to work collaboratively with cross-functional teams and communicate effectively with stakeholders at all levels.
• Commitment to creating a culture of security and continuous improvement.
  Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $112,000 - $218,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year.
  Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/v2/global/en/us-corporate-pay.html
  Microsoft will accept applications for the role until April 25, 2024.
  

  AzureData #AzureDatabaseSecurity #AzureDatabaseCompliance

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations

• Ensure all Azure Database services are current on their threat model reviews on a semesterly basis to ensure service reliability and customer trust.
• Facilitate and threat model major feature releases prior to private or public previews.
• Ensure all threat modeling findings are tracked, with correct engineering ownership and ETAs, with periodic LT reporting and readouts.
• Lead and refine the Threat Modeling program by establishing policy and procedures to ensure predictability & efficiency across the organization.
• Proactively identify short-term and long-term investment opportunities, evaluate tradeoffs, and prioritize investments in threat modeling tooling on a quarterly basis.
• Ability to manage tight deadlines