Microsoft AR/VR Job | Product Security Office Technical Lead – CTJ
Job(岗位): Product Security Office Technical Lead – CTJ
Type(岗位类型): Engineering
Citys(岗位城市): Reston, United States
Date(发布日期): 2022-1-5
Summary(岗位介绍)
In Mixed Reality, people—not devices—are at the center of everything we do. Our tech moves beyond screens and pixels, creating a new reality aimed at bringing us closer together—whether that’s scientists “meeting” on the surface of a virtual Mars or some yet undreamt-of possibility. To get there, we’re incorporating diverse groundbreaking technologies, from the revolutionary Holographic Processing Unit to computer vision, machine learning, human-computer interaction, and more.
The Mixed-Reality team is seeking a seasoned Information System Security Manager/Information System Security Officer (ISSM/ISSO) with 10+ years of experience to join our growing team as the Product Security Lead.
The ideal candidate will be a thinker AND a doer that thrives at translating security requirements into action through collaboration with a product development team to deliver secure information systems – a “bake in vs. bolt on” approach. Great attitude and a keen ability to communicate effectively with both technical and non-technical individuals are both highly desired.
Qualifications(岗位要求)
- Strong security and operationally minded ISSM/ISSO with 10+ years of experience
- Demonstrated success as an ISSM/ISSO within DOD & IC environments
- Experienced with requirements as outlined in NIST, ICD, RMF & other USG policies
- Solid working knowledge of NIST 800-53 and 800-171 controls and policies
- Successfully taken an information system from idea to Authorization to Operate (ATO)
- Experienced monitoring systems and resolving system vulnerabilities
- Comfortable with developing and resolving POA&Ms
- Expert at performing vulnerability/risk assessment analysis
- Experienced providing configuration management for information systems
- Comfortable maintaining operational security posture of an information system
- Experienced monitoring IS including security event log review and analysis
- Familiar with interpreting log output of a wide selection of network and host devices
- Technical knowledge of Linux, Microsoft, and virtualized systems
- Enjoy working with highly technical individuals
- Comfortable collaborating to resolve tough problems
- Thrive in a secure, fast-paced, and dynamic environment
- Good communication skills and are willing to learn, teach and lead
- Outstanding problem solver and critical thinker
- Detail-oriented, self-motivated and a strong relationship builder
- Excellent written and verbal communicator
- Possess cybersecurity certification
Security Clearance Requirements:
The successful candidate must have an active U.S. Government Secret Security Clearance. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate clearance and/or customer screening requirements may result in employment action up to and including termination.
Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
Candidates selected for this position must comply with Federal Executive Order 14042 mandating that federal contractors and subcontractors receive the COVID-19 vaccine by being fully vaccinated before their date of hire, or work with Microsoft to receive an approved religious or medical accommodation.
#MixedReality
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Description(岗位职责)
As the Product Security Office lead, your goals will be to help deliver secure and compliant systems across DOD and IC environments. As a Leader of the Team, you will, includes but not limited to, “own” the customer and compliance of our product. You have solid experience with the DevSecOps processes and can coordinate with developers and engineers to assure these processes are followed. Maintain accountability to endure integrity and confidentiality of the process. Lead the analysis of vulnerabilities. Review and make recommendations on program-level documentation. Lead the development and documenting of security evaluation test plan and procedures. Lead researching, evaluating, and developing relevant Information Security policies and guidance. Actively lead technical exchange meetings and application review boards, documenting actions items/results of these events. Brief management on the status of action items and/or results of activities. Lead internal hands-on security testing, analyze test results, document risk, and recommend countermeasures.
