Sr. Penetration & Code review Software Engineer

  • Full Time
  • Redmond, WA.
  • Applications have closed

The Sr. Security SDE FTE Role:
Are you a security expert who’s passionate about hacking & improving the security of hardware/firmware and low-level components? Then this job is for you!
Our client is hiring a Sr. Security Engineer FTE located in the Bellevue, WA. area that has demonstrated experience in hardware, firmware, drivers, and other low-level components.
The clients Security Engineering organization focuses on ensuring a secure cloud platform for developers and a secure experience for millions of users worldwide.
High level responsibilities (The team & you):
• As part of the Security Assurance team, you will perform security reviews, penetration testing, and vulnerability analysis, develop solutions to remediate selected vulnerabilities, and provide consultation to teams to help them develop hardware, firmware, and related components securely.
• We are looking for a detail-oriented, self-motivated, and highly communicative engineer who can geek out on the security details of our cloud’s infrastructure devices.
• You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout this Cloud Platform organization to instill an “Assume Breach” security mindset and culture in our lowest level components.
• You will also be a mentor for junior peer engineers
Specific responsibilities (what you will be doing):
• Penetration testing: You will examine chosen target systems in detail, looking for vulnerabilities and weaknesses in the code and the designs, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an “assume breach” mentality.
• Emerging Threat and Vulnerability Research: You will be expected to be stay on top of emerging threats which affect cloud services through collaboration and original research, including proactive security research on the technologies that our global cloud platform, and our customers utilize and depend on.
• Security Assessments: Parlaying research and knowledge into threat models and security assessments of Azure services, platforms and infrastructure. You have a goal to prioritize areas of security risk while identifying and addressing risks that affect our global cloud platform ability to protect, detect, investigate, and recovery from security vulnerabilities and targeted attacks.
• Security Code Reviews: Prioritize our cloud platform’s highest risk features and review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and improve the security of the cloud platform services.
• Tool Prototypes & development to automate penetration testing and the detection of vulnerabilities across a suite of our cloud services
• Contribute to policies: Contribute to cross-company teams to ensure that our learnings are properly reflected in development and acquisition policies, standards, and practices, to ensure the lowest practical likelihood of repeating mistakes.
• To thrive in this position, you will need a deep technical understanding of a broad technology set and the ability to learn new information at a rapid pace.
• Previous experience in security: Consulting, penetration testing, and general hacking are important, but a desire to take on big challenges and help improve the overall service engineering process is equally vital.

Minimum Qualifications:
• 7 years of experience in hardware security and/or software engineering
• Strong coding skills in one or more popular languages and platforms, including C/C++, C#, Java, Javascript/Typescript, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly.
• Experience in performing Penetration testing and code review
Preferred Qualifications:
• Deep knowledge of hardware and low-level security issues, general security and a strong engineering and development skillset.
• Deep and broad understanding of security vulnerabilities and attacks (Hardware, Software, Network, and People) and ability to apply them or find new ones based on new technology being developed.
• Detailed knowledge of hardware virtualization and related code-isolation technologies, including Hyper-V and other hypervisors, containers, para-virtualization, application virtualization.
• Detailed understanding of encryption, containers, operating systems including Linux and Windows
• Knowledge in low-level networking protocols
• Bachelor of Science, Bachelors, BA, BA CS, Computer Science, Mathematics, Engineering degree or equivalent experience

Compensation: (All based on DOE)
• Base Range: $164k to $195k
• Plus: Signing bonus, Annual Bonus tied to your base and Company stock
• Plus some of the best benefits (Medical Dental) offered in this local
• Job location is in the Bellevue, WA. area, you must be willing to relocate
• No remote work, no contractors and or C2C need apply
Position is open to all US or Canadian Citizens as well GC holders and H1b’s that can be transferred