Software Engineer - Hyderabad, India - Microsoft
Description
Overview
Do you have a passion for security? Do you like to find bugs in software? Have you ever wanted to build and run fuzzers that scale to thousands of cores? Why not become part of team dedicated to keeping the web safeThe Microsoft Edge security team is responsible for securing Edge's client code running on millions of devices worldwide.
We work with developers to ensure features are designed with security in mind, we identify bugs before hackers do, and we respond to security incidents if they occur.
We also work with industry partners to contribute security improvements to the open-source Chromium project to make the web safer for everyone.
Edge security is divided into two sister teams:
Vulnerability Research and Security Operations.
We are hiring for both, and successful applicants will be placed into the team which best fits their skills and interests.
We are looking for engineers with knowledge and experience in the field of computer security and a passion to learn, underpinned by a deep understanding of computer science.
We are looking for individuals with skill sets applicable to either or both teams.Vulnerability Research
:
some of the skills that we are looking for are native app security (memory corruption, exploit mitigations, logic issues, etc.), web application security (exploitation techniques such as XSS, mitigations such as CSP, etc.), code auditing, fuzzer development, application of cryptography, and exploit development.
Security Operations:
the desired skills in this team are application development in C/C++ and Python, the ability to build and scale services and web applications on Microsoft Azure, fuzzer development (for example using libfuzzer or AFL++), research and tooling for code analysis at scale.
Most of all we are looking for individuals who care deeply about keeping Microsoft customers safe from malicious actors.Qualifications
Basic Qualifications:
B.S.
, Computer Science or equivalent work experience or degreeRequired Experience:
2+ years of experience in a relevant professional development or security-focused roleSome of which must be specialising in security.
Competence in writing at least two of C/C++, JavaScript, and PythonThe following additional experiences are favourable, but not requirements:
Public track record of relevant security research along with relevant CVEs if available, especially around browser vulnerability discovery.
Development and deployment of fuzz testing software.
Experience with basic exploit development.
Keywords//edgejobs#edgejobs#epicindia#edgeindia#E+DIndia#ewdindia#webxtindia
Responsibilities
Vulnerability Research primary requirements/responsibilities:
Conduct security reviews to identify and mitigate risk in Microsoft Edge. Activities include design review, code reviews, fuzzing, and penetration testing.
Respond to security incidents and reports from external researchers.
Use a variety of tools and techniques to identify and drive fixes to security vulnerabilities.
Collaborate with other security teams across Microsoft to design and develop new security mitigations and defences.
Work closely with our partners in the Chromium community to improve browser security.
Security Operations primary requirements/responsibilities:
Build and maintain our fuzzing infrastructure across thousands of cores on Azure across three platforms and two architectures.
Develop new tools and techniques to discover new security bugs at scale.
Write fuzzers to automatically test Edge's code base and find new issues.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Industry leading healthcareEducational resourcesDiscounts on products and servicesSavings and investmentsMaternity and paternity leaveGenerous time awayGiving programsOpportunities to network and connect