Senior Product Manager - CTJ

The M365 Trust team is looking for a product manager to operate a vulnerability management program area in support of a US government deployment of Microsoft 365. The vulnerability reporting platform is used to:

1. Drive vulnerability remediation with engineering teams that support M365 cloud services such as Exchange, SharePoint, and Microsoft Teams.
2. Evaluate compliance with vulnerability remediation timeframe requirements and if requirements are not being met, identify areas of improvement.
3. Provide evidence of vulnerability remediation compliance and residual risk to M365 customers monthly and with regulators annually during compliance audits.
   NOTE: The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Full Scope Polygraph.

ResponsibilitiesYou will be responsible for operating the vulnerability reporting platform, which consists of:

1. Work with vulnerability scanning technology such as secure baseline scanning that provides large amounts of data in hyperscale environments to manipulate, prioritize, and report on large quantities of vulnerability information.
2. Reviewing and approving exceptions when the vulnerability scanner finds false positives, or when service engineers have a business need to not resolve a vulnerability if the risk is sufficiently mitigated
3. Performing data analysis on large sets of data to help provide service engineers with insights needed to perform effective vulnerability remediation.
4. Triaging reports of problems with the platform to identify problems and either assist in resolution or bring the issue to the attention of the development team that supports the platform.
5. Create and review monthly customer reports including plans of action, mitigation milestones, risk evaluations.
6. Providing an overview of the platform, and evidence from the platform to customers and auditors at least yearly. Be able to describe in detail how vulnerability management reporting complies with all FedRAMP and related controls, including but not limited to sections IA and CM.
7. Identifying gaps in process or technology, developing a plan for resolution, soliciting feedback from peers and management, receiving buy-off from stakeholders, and driving the necessary improvements to completion.

QualificationsNOTE: The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
We are looking for an optimistic and positive security expert who focuses on what is possible and does not get stuck with what is wrong. We need someone who is pragmatic and who can accept (and is excited) that each day brings new challenges. Because of the scope and nature of this program, ambiguity is everywhere. You must be comfortable working with ambiguity and be comfortable making decisions without perfect information. We are at the start of long journey, so we need someone who can prioritize, focus, and get work done!
We are looking for someone with:

• 5+ years in security operations or security control design/implementation
• 5+ years' experience supporting vulnerability management scanning, reporting and remediation.
• 3+ years' experience implementing and operating vulnerability management reporting in an environment that aligns to FISMA, FedRAMP High, and NIS 800-53, among others.
• Experience with Security Technical Implementation Guide (STIG) standards, including best practices in a cleared environment.
• 5+ years working in the US Federal Government space (preferably in the Defense or Intelligence space)
• 3+ years of Program Management experience
• 3+ years of data analysis experience using query languages such as SQL/Kusto, scripting languages (Powershell, Python, etc), and tools such as Excel
• The ability to learn new tools and technologies
• Demonstrated ability to use data to influence & drive decisions
• BS/MS in computer science or equivalent experience
• Stellar cross group collaboration (soft skills)
• Ability to work independently in a dynamic mission-critical environments
• Previous experience with compliance certifications and audits would be helpful (FISMA/FedRAMP)

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .
#M365Core #EnterpriseCloud #M365Trust
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.