上海招聘

Job Category: Software Engineering: Test

Location: China, Shanghai

Job ID: 791589

Division: Server & Tools Business

Job title: Security Engineer

Division: Server & Tools Business - Commerce

Work Location: Shanghai, China

Microsoft is making a big bet on online services as the driver of growth and new opportunities. The Commerce Platform (CP) is the layer for purchasing, managing, provisioning and billing Microsoft cloud services like Azure, Office 365, Windows InTune, Windows Phone, Xbox Live, etc. In short, our team provides the monetization strategy for ALL Microsoft’s Online Services.

We are building a new CP security team that will focus on ensuring a secure commerce platform for millions of users and partners all over the world. Given the nature of our business, we need a top-notch security penetration test team, and the Commerce Platform security team is seeking a Software Security Engineer with demonstrated network and application layer penetration testing and security review skills.

We are looking for a strong performer who is interested in conducting bleeding edge security research, penetration testing on commerce system, and to educate others about security best practices. You will play a key role in advancing security of Commerce Platform by working with other security engineers, PMs, developers and testers on the team to instill a security aware culture. Key responsibilities include:

- Penetration testing - Identify high risk areas, applying security research into actual exploits, and perform in-depth hacking on CP features and services.

- Tooling & automation developments - Adapting existing tooling framework (ie: Burp, Fiddler, etc.) in addition to developing new toolsets that increase the ability to find network and web application security vulnerabilities in our system.

- Security research - Being on the forefront of emerging security threats and vulnerabilities to help our team fortify against existing as well as new threats.

- Security education - Provide as an expert on security and be able to provide information, guidance, and training to help others on the team.

- To thrive in this position, you'll need to be able to have a deep technical understanding of our system and the ability to learn others quickly. Strong technical and communication skills, ability to deal with ambiguity, and very high level of creativity and inquisitiveness are a must. Position requirements also include a BS in Computer science or equivalent security experience. Previous experience in security consulting, penetration testing and hacking are important, but a desire to take on big challenges and help improve the overall service engineering process is equally vital. Experience with common web application security issues, C#, ASP.NET, JavaScript, AJAX, HTML, SQL, and Networking are highly recommended.

Qualifications include:

- 5+ years of technical experience

- 3+ years of experience in security

- Coding experience C#, HTML, ASP.NET

- Security experience in Penetration Testing and Security Code Review

Microsoft is an equal opportunity employer and supports workforce diversity.

GCR:CN:DEV:EN

　　起步于2005年初的服务器与开发工具事业部（中国）在成立之时就树立了成为世界一流的开发、创新和业务中心的愿景，助力服务器与开发工具事业部在全球和中国的成功。作为微软亚太研发集团的核心部门，服务器与开发工具事业部中国研发团队目前在上海和北京两地共有约500名开发人员，积极参与SQL Server、System Center、Windows Small Business Server、Windows HPC Server、Commerce和Windows Embedded Standard等微软核心平台产品的全球研发和创新。随着微软服务器与开发事业部的使命演变为“云化每项业务”，中国研发团队正逐步加大在Windows Azure和基于Windows Azure上的云服务研发投入。
　　与本地客户和技术社区保持密切互动在微软全球研发过程中至关重要。鉴于中国市场的重要性，服务器与开发工具事业部中国研发团队通过广泛交流,有组织地参与到本地生态系统和技术社区互动中：一）通过微软技术大会（TechEd）、MSDN和TechNet等微软技术网站与广大的本地开发人员和 IT专业人员交流；二）针对目标群体推出了微软技术先行计划(TAP)，微软最有价值专家(MVP)开放日、贵宾接待等特殊项目理解客户的需求；三）与相关原始设备制造商（OEM）、独立软件开发商（ISV）、系统集成商（SI）等合作伙伴开展深入互动。2010年9月，服务器与开发工具事业部中国研发团队组建了微软中国云计算创新中心（CCIC），全力以赴地支持合作伙伴和客户顺利运用微软Hyper-V和Azure云计算产品和技术。

如需更多信息，请访问如下博客：
http://www.cnblogs.com/stbchina
http://blogs.msdn.com/b/stbcblog