Software Engineering IC3 at Microsoft

Hyderabad, Telangana, India -

Full Time

Start Date

Immediate

Expiry Date

25 Feb, 26

Salary

0.0

Posted On

27 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Penetration Testing, Offensive Security, Application Security, Security Automation, Static Analysis, Dynamic Analysis, Burp Suite, Azure Cloud, C#, Java, Python, SAST Tools, Networking, Database Management, Full-Stack Development, CISSP, OSCP

Industry

Software Development

Description

EPSF Security has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and application security and work closely with our defense teams to continually improve our operational awareness. Penetration Testing: Identify security vulnerabilities and their variants in critical services using various techniques such as source code reviews, dynamic analysis, operational security assessments etc. and validate software quality following our development standards. Security Automation: Participate in developing static and runtime analysis capabilities to find software security bugs quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services. Research, Training, and Tool Development: Perform research to stay current with bleeding edge of penetration testing, offensive, and defensive tools, and tactics. Leverage the output of this research for training and awareness acrss EPSF Security and innovation development efforts. Experience customizing and writing rules for SAST tools, such as CodeQL or Semgrep, Expert-level proficiency with Burp Suite, including advanced features, automation, custom extensions, and fuzzing techniques Experience with Azure cloud platforms, including cloud infrastructure security and misconfiguration management BS or MS in Computer Science, a related field, or equivalent experience 4+ years of experience in identifying security vulnerabilities in online services through penetration testing Strong background in customizing static, dynamic, and runtime analysis tools. Ability to deal with ambiguity. Experience in technical disciplines outside security space, including general software development, networking, database management, and full-stack development, is a strong plus. Demonstrated coding skills in one or more popular languages and platforms such as: C#, Java, Python, and others. Bachelor of science or master's degree in computer science, software engineering, information security or equivalent work experience. CISSP, OSCP, OSWE,GCIA, or SANS certifications is a plus.

Responsibilities

The role involves identifying security vulnerabilities in critical services through penetration testing and validating software quality. Additionally, it includes developing security automation capabilities and conducting research for tool development.