Microsoft Corporation Phoenix, AZ 85067
Imagine what you can do if you can compromise the machines where Windows or Visual Studio is being built. Or where the most popular npm module or NuGet package is built. You can attach your malware to popular and widely distributed software and reach millions of devices easily.
Increasingly, cyber threats are coming from such attacks on the software supply chain, which includes everything from developer machines to CI/CD pipelines, release/publish infrastructure and package managers. Every step in the supply chain offers rich targets for attackers to inject their malware into widely distributed software.
Microsoft is serious about securing our software supply chain from such attacks. We want to build multiple layers of defense against such attacks and reduce the chance that the software we ship and any external software we depend on are compromised in their supply chains.
We are looking for engineers who can help us tackle this challenge. Specifically, we are looking for someone with experience in language platforms like Node.js, Python, .NET, Java and Go. Deep understanding of how package managers work, how packages are built in various languages, how runtimes deal with versioned artifacts and how dependencies are handled would be very useful. Experience with setting up CI/CD pipelines and securing build machines is also helpful.
You will work with other engineers in the team to build tools and services to secure Microsoft's software supply chain, including any external dependencies. You will build mechanisms to securely build software, track chain of custody, evaluate trust of software components, transitively build dependencies, and flag use of untrusted software.
You will work with multiple partner teams, internal and external, and help raise Microsoft's security posture on our software supply chain. You will work with OSS communities to ensure OSS components also remain protected from attacks on their supply chain. You will work with emerging technologies and standards in this field.
+ 3+ years of experience developing commercial software with C#, C++ or Java
+ Bachelor’s degree in Computer Science, a related technical field, or equivalent experience
+ Detail-oriented design, coding, debugging and problem-solving skills
+ Strong written and verbal communication skills
+ Experience with Open Source Software development
+ Passion for quality with strong customer empathy
+ Ability to drive technical decisions across teams
+ Experience building applications in .NET, Node.js, Python, or Java
+ Knowledge of software security, including threat modeling, isolation, integrity checking, and certificates
+ Experience with CI/CD and build pipelines
+ Experience with packages and package managers like npm, PyPI, NuGet, Maven
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form (https://careers.microsoft.com/us/en/accommodationrequest).
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.