Feeds

Join Microsoft. Save the world

Redmond cruises for rough trade at hacker convention

  • alert
  • submit to reddit

SANS - Survey on application security programs

A party in a gay club was followed up by a recruitment pitch by Microsoft at last week's Black Hat Conference in Amsterdam. After enjoying the bohemian delights of Digital Darkness - such as shackles on the wall and heavily pixelated porn beamed onto the ceiling - the assorted hackers, pen testers and bug finders at the invite-only gig were given fliers (transcript below) inviting them to join the world's biggest software company.

A team of three from Microsoft attending the world's premier hacker get-together hoping to bring the sort of people Steve Ballmer's mum probably warned him about (some even had piercings and tattoos!) into the fold. Some might consider this as cruising for "rough trade" but perhaps it makes sense for Redmond to get these guys on the inside pissing out rather than the other way around...

Security Software Engineer
Can you 0wn someone just because they browsed your web site? Is the first thing you do after installing new software seeing how you can break it and get root? Can you tell me what \x90\x90\x90\x90\x90\x90\x90\x90 is? Can you modify a HTTPS request sent from an application to its server? Do you start code reviews by following a malicious input to see where it is parsed? Then we want you to save the world and have a blast doing it. As part of the SWIat Proactive team, you'd get to investigate the latest products being released by Microsoft before they are shipped for security vulnerabilities. We're trying to make all software secure all the time so computing is safe for everyone. If you think you have what it takes to be part of our team then we want to hear from you.

Candidates should have knowledge of Windows architecture and other in-depth knowledge of a product and the ability to find variations of security bugs. Candidates should possess a keen mind, be solid coders, and be fluent in C/C++. Knowledge of common hacking/networking tools, exploit writing, network cryptography, penetration testing, assembler or managed code is a plus. Security-mindedness is mandatory. A Bachelor's degree in Computer Science is preferred. Come and change a million lives by making Microsoft's products more secure!

applynow@microsoft.com

=======

Security Program Manager

"I wish they would have fixed some of these problems before they shipped this."

Ever thought or made a statement like this? Believe you could do better? If so, we have a job for you...

We are looking for smart, technical program managers to review products before they ship. You will ensure that products meet security standards and don't ship with issues that later need to be patched. As part of this position, you will need to review product designs and threat models, review bugs filed to make sure major issues aren't punted, and use tools to examine the products surface area.

We are looking for experienced candidates with strong communications skills, deep security and technical knowledge and strong process/planning experience required. A Bachelor's degree in Computer Science is preferred.

applynow@microsoft.com

=======

Security Software Engineer

Do you enjoy probing and analysing security vulnerabilities, finding holes in assumptions or sparring with product security measures? Do you want to make the world a safer place? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Secure Windows Initiative React Team (SWIat) Team! Use your knowledge and passion to strengthen Microsoft's product's defences. SWIat React is responsible for analysis and penetration testing all externally reported vulnerabilities. In addition, we work directly with all product teams to enhance security in their products with our findings.

Analyse and report externally reported vulnerabilities, test and validate our patches, drive process and tools back into product teams, and build custom tools to make Microsoft update and products safer and better. Not enough security for you? Well, you will also get a chance to work on any outbreaks of virii or worms! Wish you were on the front line of Slammer? Sasser? Blaster? MyDoom? You will! It's an exciting job, and at the end of the day, you'll be able to say, "I helped save the world".

Candidates should have knowledge of Windows architecture and other in-depth knowledge of a product and the ability to find variations of security bugs. Candidates must be sharp, must be solid coders, and must be fluent in C/C++. Knowledge of common hacking/networking tools, exploit writing, networking, cryptography, penetration testing, assembler is a plus. Security-mindedness is mandatory. A Bachelor's degree in Computer Science is preferred. Come and help make Microsoft's products more secure!

applynow@microsoft.com

®

Related stories

Microsoft is crawling toward trustworthy code experts
Too cool for secure code
Ballmer to crackers: this PC ain't big enough for the both of us

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.