Application Security Engineer



Full time


May 4

Why join our team? 

The Yammer team was one of the first startup unicorns of the past decade and was acquired by Microsoft in 2012.  We retain the benefits of a startup – rapid innovation, cutting-edge technology, outsized individual impact – with the advantages of working for one of the most successful software companies in the world.  In this post-Covid world, employee experience is more important than ever – as employees have a deep need for connection and belonging.  We need your help to create new products that bring community, knowledge sharing and leadership engagement to tens of millions of users spread across the world.   


You will have:  

  • Autonomy and freedom to innovate 
  • Choice of the best of open source and Microsoft-internal technology  
  • The ability to experiment, A/B test, and make data-driven decisions 
  • Tons of opportunity for outsized impact as part of a small but mighty team on a rapidly-growing product needed now more than ever 


At the same time, you also have the benefits of working at a top-tier tech company like Microsoft:  

  • Compensation, benefits, and perks 
  • Internal resources, technology, and opportunities for learning and growth   
  • Brand and networking  
  • Opportunity for massive scale as part of a suite with hundreds of millions of users  


About this job: 

Our mission is to build trust with both external and internal customers, by building secure & compliant solutions.  As a Yammer Security team member, you will be setting privacy and security controls and design requirements during the feature design & development stage of the software lifecycle. You will also help ensure that privacy and security across all aspects of the software is uniform by setting up checkpoints and reviews.  


Our stack: 

  • Linux on Azure 
  • Java and Ruby micro services, deployed as docker containers 
  • GraphQL, DropWizard, Rails REST APIs 
  • Postgres/CosmosDB/Kafka/RabbitMQ/Redis storage and queuing 
  • Mesos container orchestration, HAProxy-based service mesh 
  • Wavefront metrics, Azure Data Explorer log aggregation, PagerDuty alerting 


  • Privacy and Security assessments of platform, data and clients, through code reviews, automation and security audits. 
  • Implementing privacy and security controls and checkpoints to detect and prevent issues early in the software development lifecycle. 
  • Work with engineering and product teams in the design phase of products and features, conducting threat modeling and performing security architecture and design reviews. 
  • Help engineering and product teams to understand compliance and privacy requirements. 
  • On-call support for security and privacy escalations. 



Required Qualifications  

  • 3+ years of experience in application security engineering. 
  • Outstanding collaboration and partnership skills, with proven ability to drive results across teams. 
  • Experience with application security standards such as OWASP ASVS/Top 10, CWE 25. 
  • Familiarity with common security libraries, security controls, and common security flaws.   
  • Bachelor’s degree in Computer Science, Engineering, or equivalent work experience. 


Preferred Qualifications

  • Understanding of privacy and compliance regulations such as GDPR, CPRA, SOC 2, ISO27k and others. 
  • Experience of privacy, compliance and security audits. 
  • Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler. 
  • Development or scripting experience. Java, Ruby, Ruby On Rails, GraphQL, REST preferred.   






Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.


Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Benefits and Perks

  • Industry leading healthcare
  • Savings and investments
  • Giving programs
  • Educational resources
  • Maternity and paternity leave
  • Opportunities to network and connect
  • Discounts on products and services
  • Generous time away

You must be logged in to to apply to this job.


Your application has been successfully submitted.

Please fix the errors below and resubmit.

Something went wrong. Please try again later or contact us.

Personal Information


View resume



We're on a mission to empower every person and every organization on the planet to achieve more.