Software Security & Controls Program Manager

Last updated 18 days ago
Location: Charlotte, North Carolina; Dallas, Texas; Irving, Texas; Issaquah, Washington; Redmond, Washington; Seattle, Washington, United States
Job Type: Full Time

The Trust and Integrity Protection team is looking for an expert Software Security & Controls Program Manager to join our Application Controls Review team supporting Microsoft’s Worldwide Commercial Business (WCB). No organization at Microsoft is as focused on delivering customer success as WCB. You will join a team of dedicated security and compliance professionals to ensure that the tools and applications used by our business meet the highest industry standards for security, privacy, resilience, and regulatory risk.

We are looking for a self-directed, technical individual who understands that risk management involves more than security expertise. The best candidate for this position will have experience in application security, data analytics, internal controls, as well as modern software development and testing methods. He/she/they will also understand how to turn ideas into technology, so that we can scale our service organically. If you enjoy bridging the chasm between great ideas and great technology, consider this opportunity.

This is a technical role where you will be expected to both design and integrate queries, synthetic tests, or solutions that enhance security for development and support teams across the WCB. You will also work side by side with other compliance partners, gathering requirements and building automation for next generation security & compliance. You will be responsible for driving technology projects and solutions that help ensure that we ship services where trust is an integral part of the offering.

Consider this opportunity if:

  • you understand that risk is a multi-faceted concept
  • you have a deep desire to push the boundaries of trusted software
  • you use empirical data for decision making and know how to build your own queries
  • you understand the security development lifecycle and are willing to work in an agile, time sensitive software delivery ecosystem

You must have a proven track record of driving process, tooling and automation improvements in the software security, compliance, financial risk, or online service readiness spaces. You will work collaboratively with compliance SMEs, software development managers, and some of the best software engineers in the industry. You will have the freedom to develop new ideas, be thrust into ambiguous learning experiences and be empowered to drive decisions and solutions to protect this organization, so bring your growth mindset and willingness to innovate.


  • You will have an important role in performing software control reviews across the Worldwide Commercial Business (WCB)
  • You will drive development of tools and automation in support of the tool review process
  • You will build queries to mine our extensive data lakes for indicators of risk.
  • Some portion of your time will be spent working with teams as an engineering security SME during design/planning stages to help ensure security and control requirements are built in.
  • You will work with a global team, across multiple time zones, to meet the needs of our worldwide organization

You will also be expected to contribute the following:

  • Cross team working groups defining next generation risk management tools & techniques
  • Seminars on security practices
  • Incident response activities when high priority detections indicate risk to the enterprise


  • 4+ years active participation in a security & privacy related field, including but not limited to: identity management, information protection, threat detection, penetration testing, or incident response
  • Hands-on programming or data science experience in one or more of the following: C#, C++, Java, Python, PowerShell, SQL
  • Understanding of common software weaknesses, penetration testing, and the security development lifecycle
  • Strong verbal and written communication skills so that your team and your customers fully understand the impact of your recommendations
  • BA/BS/MS in computer science or security, -or- related work experience equivalent to 5 years specialization in Security or software development


  • Application Security: Experience with common classes of software vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, Denial of Service, and cryptographic weaknesses
  • Controls & Compliance: Experience with common financial or operational risk issues in software or systems
  • 2 years data query experience with one or more of the following: Azure Data Lake, Kusto, Azure Data Explorer, Cosmos DB, SQL, or Hadoop
  • Familiarity with regulatory compliance programs, such as: SSAE-16, ISO 27000 series, FedRAMP, Sarbanes Oxley, GDPR
  • One or more security industry certifications (CSSLP, CISSP, CCSP, CISA, GEVA, GWEB, CEH)

Location: Issaquah, WA, Las Colinas, TX, or Charlotte, NC is strongly preferred. If not in one of these areas, there will be increased travel to the offices in these locations.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
