Cloud Operations and Innovation (CO+I) is the engine that powers Microsoft's cloud services. The team is responsible for designing, building and operating our unified global datacenters; managing the demand planning and capacity utilization of our unified infrastructure; and responsible for all of the operations needed to run the physical infrastructure (including supply chain, hardware, power, security, and workflow teams). We focus on smart growth with an emphasis on automation, data driven engineering, cost-effectiveness, and environmental sustainability.
We deliver the core infrastructure and foundational technologies for Microsoft's over 200 online businesses including Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Microsoft Azure platform. Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide. Our core infrastructure is a target for cyber criminals, nation-state adversaries that seek to bring harm to our businesses, customers, and staff. Are you ready to help defend critical infrastructure assets?
Responsibilities
The Cloud Operations + Innovation Critical Environments Systems (ICS) Intelligence team is seeking a Senior Critical Environment Cyber Security Engineer to join our team! As a part of our Critical Environments Systems Intelligence team you will be critical to delivering our datacenter critical infrastructure systems, software, and equipment securely. This role is responsible for defining and establishing a cybersecurity adherence program that partners with other delivery programs to maintain and improve adherence and compliance to Operational Technology (OT) and ICS security requirements at Microsoft Datacenters. You will be accountable for defining and documenting the program elements, defining Objective-Key-Result (OKR) metrics, as well as staffing and funding requirements.
Elements of your program will be responsible for driving architectural security design reviews for OT projects for emerging and existing OT implementation scenarios. Your program will be accountable to coordinate and track work activities across the Critical Environments Systems Intelligence team for compliance to OT Security requirements. To that end your program must also work closely with existing security and operational functions to define and measure OT security governance requirements such as minimal hardware capabilities, minimum firmware patch levels, or application configuration requirements for 3rd party OT software.
To accomplish these outcomes, you will work closely with peer datacenter engineering and support teams, datacenter design and build teams, and key decision makers across CO+I. You will develop and rely heavily on key partnerships with global Datacenter Operations teams, Security Engineering teams, and CO+I teams responsible for the design and delivery of datacenters, Azure network engineering and architecture teams, and all groups affiliated with Microsoft Datacenters (Business & Property groups).
Qualifications
Required/Minimum Qualifications:
- Bachelor's Degree in Computer Science, Information Technology, or related field AND 3+ years technical experience in software engineering, network engineering, service engineering, or systems engineering
- OR equivalent experience.
- 3+ years' Program Management experience providing technical engineering or security services for Critical Infrastructure environments.
- 2+ years of industrial control system (ICS), electrical power monitoring (EPMS) and building automation systems (BAS).
Additional or Preferred Qualifications:
- Bachelor's Degree in Computer Science, Information Technology, or related field AND 8+ years technical experience in software engineering, network engineering, service engineering, or systems engineering
- OR equivalent experience.
- 3+ years technical experience working with large-scale cloud or distributed systems.
- Management Information Systems (MIS), or other industry or product specific Engineering Certifications.
- Experience with security standards and regulations such as SOC 2, ISO 27001, IEC 62443, Common Criteria, and UL 2900.
- Excellent understanding of cybersecurity principles, standards, and frameworks (e.g., NIST Cybersecurity Framework, ISA/IEC 62443).
- Industry recognized security certifications such as GIAC, CEH, CISM, CISA, or CISSP.
- In-depth knowledge of ICS protocols, architectures, and technologies, including SCADA, DCS, PLCs, and HMIs.
- Experience with vulnerability assessment tools, penetration testing, and incident response procedures.
- Working knowledge of vendor support contract terms, conditions, mechanism, and procedures.
Service Engineering IC4 - The typical base pay range for this role across the U.S. is USD $112,000 - $218,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
#COICareers