Software Engineer - Yammer

Job description

Do you want to impact billions of customers and help them connect across their company while giving them the tools to keep their data safe? Yammer enables co-workers across the globe to discuss ideas, share updates, and crowdsource answers from each other as quickly as possible. Yammer gives teams a faster, smarter way to connect and collaborate across their company.

We are Yammer's Security Team. We are responsible for all features developed for Yammer Products within our Office Products Engineering Group at Microsoft.

Our team is looking for someone with deep expertise in web application security and secure development best practices, a self-motivated and dynamic individual to be part of a startup-like, fast-paced, constantly growing, changing, and scrappy culture! We're looking for someone who has a consultative approach with partner teams and can influence process and priorities, all while keeping Yammer safe for users!

We need someone who can not only break software but who can also figure out how to fix it. We are NOT looking for someone who only wants to do pentesting or cannot understand how to fix the underlying issues. Finding new vulnerabilities is very important, but we really need the whole package.

We are looking for a dynamite problem solver with an eye for breaking, testing, and improving products. If that sounds like you, we want to talk!

What you’ll do:

- Perform regular penetration tests of the Yammer web application

- Conduct security reviews of new features

- Work with engineers to develop and test security fixes

- Monitor security analytics and investigate anomalies

- Develop tools to assist in detection, prevention and analysis of security threats

- Utilize and process the output from automated security scanning tools

Requirements:

- Experience performing web application penetration testing, software security engineering, or red teaming

- Familiarity with common web application vulnerabilities

- Understanding of security best practices and attack and defense techniques for enterprise networks and applications

- Understanding of authentication and authorization protocols, browser security model and controls (CSP, SRI, HSTS)

- Experience developing software in modern programming languages such as Ruby and/or Java is a plus

- Working knowledge of modern security testing tools and applications

- BS degree in engineering, computer science, or related discipline and/or equivalent work experience

The Yammer team has people from a variety of backgrounds, races, ethnicities, previous work histories, and life experiences, and we are passionate about growing that diversity. We believe that diverse perspectives drive better ideas, better products and happier customers. We believe in sane work hours, using our vacation time, continuing to learn on the job, and we offer paid parental leave.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.