Microsoft's Artificial Intelligence Products Group (AI Products) is looking for a technical program management manager with solid hands-on security skills to lead the application security function and team across AI+R's online services and research programs. We support over 5000 engineers and researchers working on some of the most innovative technology. We provide support for Microsoft's Research and Bing search, alongside cross company platforms such as search, user personalization, targeted advertising, news and big data platforms.

**Responsibilities**

+ Provide security guidance, specify app security controls, evaluate existing security controls, host threat modelling exercises with teams responsible for new services, apps, features, APIs, devices and third-party connections.
+ Influence dev/ops leads, engineers and researchers to commit to deploy security controls to meet SDL compliance requirements.
+ Lead and drive end-to-end threat modelling sessions with devs, engineers and researchers to determine where trust boundaries require additional security controls.
+ Specify new security controls needed to reduce risks identified from security reviews and threat modelling exercises or from pen tests and security incidents and specify these new controls as requirements to be added to the organization's SDL process.
+ Proactively research new security technologies, make defensible security recommendations.
+ Define and document security guidance to instruct dev leads, engineers and researchers on how best to deploy new security controls.
+ Create and deliver specialized security technical training for developers, engineers and researchers.
+ Drive and cultivate a positive culture of security across the engineering and research teams.
+ Collaborate with corporate security teams to provide feedback into new requirements and provide engineering implications.
+ Work with our security tools and program teams to identify, define and implement security controls and automation.
+ Manage and lead a team of 4 FTEs and vendors that are keenly focused on application security, SDL and STRIKE training accountabilities for the division.

**Qualifications**

The ideal candidate:

+ Can wear multiple security and management hats: engineer, architect, analyst, threat modeler, security risk advisor, security SME, security trainer, app sec lead and team manager.
+ Can identify security flaws in software, complex multi-tiered cloud services, third-party connected services, mobile apps through deep threat modelling.
+ Is capable of providing prescriptive security guidance to engineering and research teams on security bug fixes.
+ Is able to collaborate with security teams across Microsoft to proactively identify security improvements, including those to address emerging threats and new technologies.
+ Has management experience leading application security review programs and teams.
+ Has solid program management skills to drive wide-scale security findings across teams to closure.
+ Has excellent interpersonal skills, and strong written and verbal communication skills.
+ Has keen interest in researching new security technologies, emerging vulnerabilities and threats, and performing cutting-edge research on new attack vectors.

_Basic Qualifications_

+ _2+ years of management or lead experience in application security with accountability for direct reports._
+ _6+ years professional experience in security development and engineering, security implementation, or network and/or application penetration testing._
+ _Coding skills in one or more general purpose languages._
+ _Bachelor of Science or Master's degree in computer science, software engineering, or equivalent work experience._
+ _Hands-on and strong experience with the Security Development Lifecycle (SDL) and conducting security assessments on mobile apps, cloud services running on a variety of operating systems including containers._
+ _Skilled at multi-tasking and managing projects that have broad organizational impact and/or high corporate visibility._
+ _Deep knowledge in common classes of software vulnerabilities such as XSS, CSRF, SQLi (OWASP Top 10), cryptographic attacks and beyond._
+ _High enthusiasm, integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment._
+ _Bonus points for published research or conference presentations._
+ _Bonus points for deep knowledge in infrastructure and operational security._

_Technologies:_

+ _Familiarity with C# .NET is highly recommended._
+ _Familiarity with Objective C, Swift and general iOS development practices._
+ _Familiarity with Java and Android._
+ _Knowledge about Azure technologies is preferred._
+ _Working knowledge of Windows and Linux internals._
+ _Working knowledge of O365 services and APIs._

Microsoft is an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form at https://careers.microsoft.com/us/en/accommodationrequest . Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.