|Job Type:||Full Time|
Security bugs happen, but they don’t have to turn into an exploit. The Microsoft Edge Enterprise and Security Team is forming a team dedicated to Exploit Prevention. The team will take a holistic approach on how to best prevent exploit weaponization by exploring various approaches and building up a great backlog of innovation. Your team will define and prioritize the backlog; areas of investigation include mitigation technologies such as CFI and CFG, among other cutting edge mitigation approaches. Another area includes adoption of safer programming languages such as RUST. The team will look at runtime security bug detection techniques that allow us to root out latent bugs in our early validation channels before they make it to the stable channel. But know this: even if bugs make it to stable, Edge ships rapidly and we’re committed to taking the bugs your team finds and rapidly patch our releases for customers.
As a Software Engineer in exploit prevention, you will be joining a team passionate about driving security-mindedness into how we engineer Microsoft Edge and be part of a team with the resolve to make it happen. You’ll be part of a bigger set of teams that is deeply focused on other aspects of Edge security, so you’ll mingle with a diverse set of engineers that will help you sharpen your skills and drive towards common goals. You will help research items in the backlog for the team, and you will be responsible for improving the underlying tooling and mitigation capabilities, either by working with engineers in partner teams, or by landing the work yourself. This involves implementing mitigation technology, measuring its positive impact for prevention, ensure it doesn’t introduce any downsides, and responsibly drive and monitor the rollout at scale. You will partner closely with members of the community to keep up with secure coding practices and tools and keep abreast of industry approaches for mitigations. You will work with members of the Edge team to catalyze efforts to move to more secure patterns, as well as lead the charge by example. You will work to improve Edge as well as the upstream Chromium OSS codebase.
A Bachelor's degree in Computer Science or related field
- 2+ years of experience in building commercial software
- 2+ years professional experience coding in C/C++
- Experience with memory safe languages such as RUST
- Experience with security mitigation technology such as CFI\CFG\CET
- Experience with shipping software products
- Experience with scripting languages (eg. python)
- Excellent communication skills (both written and verbal), a desire to collaborate
- Enthusiasm and interest for browser security and programming languages.
With our investments in security, Edge is a credible browser for consumers and enterprises alike where users are productive and feel safe. Come help us make it happen!If you have read this far and are excited, then what are you waiting for? Connect with us!
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.