A party in a gay club was followed up by a recruitment pitch by Microsoft at last week's Black Hat Conference in Amsterdam. After enjoying the bohemian delights of Digital Darkness - such as shackles on the wall and heavily pixelated porn beamed onto the ceiling - the assorted hackers, pen testers and bug finders at the invite-only gig were given fliers (transcript below) inviting them to join the world's biggest software company.
A team of three from Microsoft attending the world's premier hacker get-together hoping to bring the sort of people Steve Ballmer's mum probably warned him about (some even had piercings and tattoos!) into the fold. Some might consider this as cruising for "rough trade" but perhaps it makes sense for Redmond to get these guys on the inside pissing out rather than the other way around...
Security Software Engineer
Can you 0wn someone just because they browsed your web site? Is the first thing you do after installing new software seeing how you can break it and get root? Can you tell me what \x90\x90\x90\x90\x90\x90\x90\x90 is? Can you modify a HTTPS request sent from an application to its server? Do you start code reviews by following a malicious input to see where it is parsed? Then we want you to save the world and have a blast doing it. As part of the SWIat Proactive team, you'd get to investigate the latest products being released by Microsoft before they are shipped for security vulnerabilities. We're trying to make all software secure all the time so computing is safe for everyone. If you think you have what it takes to be part of our team then we want to hear from you.
Candidates should have knowledge of Windows architecture and other in-depth knowledge of a product and the ability to find variations of security bugs. Candidates should possess a keen mind, be solid coders, and be fluent in C/C++. Knowledge of common hacking/networking tools, exploit writing, network cryptography, penetration testing, assembler or managed code is a plus. Security-mindedness is mandatory. A Bachelor's degree in Computer Science is preferred. Come and change a million lives by making Microsoft's products more secure!
Security Program Manager
"I wish they would have fixed some of these problems before they shipped this."
Ever thought or made a statement like this? Believe you could do better? If so, we have a job for you...
We are looking for smart, technical program managers to review products before they ship. You will ensure that products meet security standards and don't ship with issues that later need to be patched. As part of this position, you will need to review product designs and threat models, review bugs filed to make sure major issues aren't punted, and use tools to examine the products surface area.
We are looking for experienced candidates with strong communications skills, deep security and technical knowledge and strong process/planning experience required. A Bachelor's degree in Computer Science is preferred.
Security Software Engineer
Do you enjoy probing and analysing security vulnerabilities, finding holes in assumptions or sparring with product security measures? Do you want to make the world a safer place? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Secure Windows Initiative React Team (SWIat) Team! Use your knowledge and passion to strengthen Microsoft's product's defences. SWIat React is responsible for analysis and penetration testing all externally reported vulnerabilities. In addition, we work directly with all product teams to enhance security in their products with our findings.
Analyse and report externally reported vulnerabilities, test and validate our patches, drive process and tools back into product teams, and build custom tools to make Microsoft update and products safer and better. Not enough security for you? Well, you will also get a chance to work on any outbreaks of virii or worms! Wish you were on the front line of Slammer? Sasser? Blaster? MyDoom? You will! It's an exciting job, and at the end of the day, you'll be able to say, "I helped save the world".
Candidates should have knowledge of Windows architecture and other in-depth knowledge of a product and the ability to find variations of security bugs. Candidates must be sharp, must be solid coders, and must be fluent in C/C++. Knowledge of common hacking/networking tools, exploit writing, networking, cryptography, penetration testing, assembler is a plus. Security-mindedness is mandatory. A Bachelor's degree in Computer Science is preferred. Come and help make Microsoft's products more secure!