Microsoft Yammer is the industry-defining social network for the enterprise. Millions of employees, including 85% of Fortune 500 companies use Yammer every day, to build community and culture, share knowledge, and connect with their leaders and each other.

Why Yammer?

Yammer was one of the first startup unicorns this past decade and was acquired by Microsoft in 2012.  Today, this means we get the benefits of a startup - rapid innovation, cutting-edge technology, outsized individual impact - with the advantages of working for one of the most successful software companies in the world. We work together in small, cross-functional teams - engineers, product managers, designers, data scientists - to design, deliver and operate delightful end user experiences to our tens of millions of users spread across the world.

We’ve always been mission-driven; In this post-Covid world, Yammer has become even more indispensable than ever as employees have a deep need for connection and a sense of belonging. We’ve been growing rapidly and need your help to take Yammer to the next level.

You will have:

• Autonomy and freedom to innovate
• Choice of the best of open source and Microsoft-internal technology
• The ability to experiment, A/B test, and make data-driven decisions
• Tons of opportunity for outsized impact as part of a small but mighty team on a rapidly-growing product needed now more than ever

At the same time, you also have the benefits of working at a top-tier tech company like Microsoft:

• Compensation, benefits, and perks
• Internal resources, technology, and opportunities for learning and growth
• Brand and networking
• Opportunity for massive scale as part of a suite with hundreds of millions of users

Our stack:

• Linux on Azure
• Java and Ruby micro services, deployed as docker containers
• Graph QL, DropWizard, Rails REST APIs
• Postgres/CosmosDB/Kafka/RabbitMQ/Redis storage and queuing
• Mesos container orchestration, HAProxy-based service mesh
• Wavefront metrics, Azure Data Explorer log aggregation, PagerDuty alerting

About this job :

Our mission is to build trust with both external and internal customers, by building secure & compliant solutions.  As a Yammer Security team member, you will be setting security controls and design requirements during the feature design & development stage of the software lifecycle. You will also help ensure that security across all aspects of the software is uniform by setting up checkpoints and reviews. You will also have opportunities to work in other areas as such as Compliance, Infra Security and Privacy. 

Responsibilities

• Security assessments of platform, data and clients, through code reviews, automation and security audits
• Implementing security controls and checkpoints to detect and prevent security issues early in cycle 
• Work with engineering and product teams in the design phase of products and features, conducting threat modeling and security architecture, design.
• On-call support for security and privacy escalations

Qualifications

Basic Qualifications 

• 5+ Years of experience in application security engineering 
• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25...
• Familiarity with common security libraries, security controls, and common security flaws.  
• Efficient with web proxies such as Burp or OWASP ZAP or Fiddler
• Experience with web security standards such as CSP, CORS, and emerging web security technologies.
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams. 
• Bachelor’s degree in Computer Science, Engineering, or equivalent work experience 

Preferred Qualifications/Attributes 

• Development or scripting experience. Java, Ruby, Ruby On Rails, GraphQL, REST preferred.  
• Understanding of OAuth and JWT implementations. 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.