Description
Typical Day in the Role
• Purpose of the Team: The purpose of this team is to support security functions through Microsoft devices, focusing on supply chain security. They support manufacturing and digital transformation teams, encompassing both hardware and software production in operational and supporting tasks.
• Key projects: This role will contribute to supporting the operational side of the IVAZ program, which is a shared program between the devices operation side and the mixed reality side.
• Typical task breakdown and operating rhythm: The role will consist of 1) 70%: Working within a cloud infrastructure environment, supporting users, handling identity management, applying policies to resources, approving or denying user access requests, and supporting developers with scripts and tasks. 2) 20%: Conducting security reviews, including software analysis and running tools on sandbox environments to ensure software meets security requirements. 3) 10%: Onsite visits to client sites (currently Dallas, potentially California in the future) to address resource issues.
Compelling Story & Candidate Value Proposition
• What makes this role interesting? This role provides opportunities for learning and career development.
• Unique Selling Points: 1) It is part of a very unique program at Microsoft, which is also unique compared to other companies working in this space 2) The role has high visibility with senior leadership due to its uniqueness 3) The team is dynamic, involving work with technical and non-technical teams, hardware and software teams, program managers, and factory managers, providing a broad scope of experience
We are seeking a highly experienced resource with expertise in Software Application Security, FISMA, FedRAMP, ITAR, CUI, and CMMC. The candidate will work closely with the internal team to ensure that all software applications meet the highest security standards and comply with all relevant regulations and standards. The candidate will also be responsible for software analysis, developing and implementing security policies and procedures, and conducting risk assessments.
Key Responsibilities:
• Perform software review and analysis, leveraging a deep understanding of the Windows registry, networking/firewall, the DNS protocol and client functionality, and proficiency with various software analysis tools.
• Ensure that all software applications meet the highest security standards and comply with all relevant regulations and standards, including FISMA, FedRAMP, ITAR, CUI, and CMMC.
• Work closely with the development team to identify and mitigate security vulnerabilities in software applications.
• Research current practices and develop and implement security policies and procedures for factory security procedures.
• Conduct risk assessments and recommend security enhancements to reduce risk.
• Solid understanding of cloud Identity Management technologies (RBAC, PIM, JIT, LPA)
• Experience with cloud policy management
Additional Skills & Qualifications
Candidate Requirements
• Years of Experience Required: 5+ overall years of experience in the field.
• Degrees or certifications required: It would be beneficial if the candidate has a technical degree and/or a security certification such as CISSP or Security+.
• Disqualifiers: Candidates without security background will not be eligible for the role.
• Best vs. Average: The ideal resume would contain 1) Detailed security knowledge, including experience in identity management and role-based access control. 2) Experience with cloud systems. 3) A strong background in security practices. 4) Experience in conducting security reviews and software analysis.
• Performance Indicators: Performance will be assessed based on feedback from clients and the teams the candidate will be working with, and on the quality and completion of the work assigned to the candidate.
Qualifications:
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• At least 7 years of experience in software application security, with a focus on FISMA, FedRAMP, ITAR, CUI, and CMMC.
• Experience with secure coding practices and software development lifecycle.
• Experience with software analysis tools such as procmon, procexp, sigcheck, regmon, and Fiddler. Familiarity with Authenticode and digital signatures. Packet capture and analysis.
• Strong understanding of security technologies, including firewalls, intrusion detection and prevention systems, and vulnerability scanners.
• Excellent communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
• Strong problem-solving and analytical skills.
• Relevant industry certifications such as CISSP, CISM, or GIAC.
Pay and Benefits
The pay range for this position is $70.00 - $80.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a hybrid position in Redmond, WA.
Application Deadline
This position is anticipated to close on Feb 10, 2025.
About Actalent
Actalent is a global leader in engineering and sciences services and talent solutions. We help visionary companies advance their engineering and science initiatives through access to specialized experts who drive scale, innovation and speed to market. With a network of almost 30,000 consultants and more than 4,500 clients across the U.S., Canada, Asia and Europe, Actalent serves many of the Fortune 500.
Diversity, Equity & Inclusion
At Actalent, diversity and inclusion are a bridge towards the equity and success of our people. DE&I are embedded into our culture through:
• Hiring diverse talent
• Maintaining an inclusive environment through persistent self-reflection
• Building a culture of care, engagement, and recognition with clear outcomes
• Ensuring growth opportunities for our people
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
If you would like to request a reasonable accommodation, such as the modification or adjustment of the job application process or interviewing process due to a disability, please email actalentaccommodation@actalentservices.com for other accommodation options.