Tools for Software Engineers

Established: June 29, 2012

Internship opportunities

We are now accepting applications for summer internships in 2022.

Our team combines world-class engineers and leading software engineering researchers. Our customers are product groups within Microsoft. We are always open to collaboration with academia and hosted visiting researchers in the past. Our interns are typically students with interests in programming languages, distributed systems, information retrieval, or empirical software engineering.

Internships at Microsoft

Internships at Microsoft last 12 weeks and can be of a research or engineering nature. Most of our research projects are designed to result in a publication, which is especially valuable for PhD students. However, all our projects also focus on internal impact for Microsoft – that means solving real-world industry problems.

Accepted applicants will receive a competitive offer to join Microsoft for a period of 12 weeks. During your internship you will work with a team of high-quality and experienced software engineers and researchers. More details can be provided once we receive your application.

Application process

If 1ES sparks you interest, send an application to 1es-internships@microsoft.com and include the following information:

  • A short summary about yourself and the work you are interested in.
  • A CV.
  • A list of at least 3 people including their email addresses that we can contact for letters of reference.

We are excited to hear from you!

With the current situation with COVID-19, we have to announce that internships will be held virtually and we can only support candidates from the U.S. and Canada.

Projects

This year we are looking for candidates specifically interested in making contributions in the following areas:

  1. Security Monitoring detects anomalous activity and intrusions across Microsoft’s Engineering Systems, such as Azure DevOps (ADO), GitHub, and several other internal source control systems. The growing coverage in security monitoring capabilities helps protect our software supply chain through near real-time detection and orchestrated response. The Security Monitoring team also drives the rollout of policies across engineering systems, collects and analyzes data to ensure they have the intended result and to identify opportunities for improvement while minimizing impacts to developer productivity. PhD Interns on our team will have the opportunities to work on cybersecurity projects involving complex data analysis to identify anomalous behavior across large datasets.
  2. CloudMine provides a comprehensive repository of data pertaining to Microsoft engineering artifacts. Security Detections team ensures that all Microsoft engineering artifacts are free from security vulnerabilities. The very nature of these objectives results in a synergistic relation between the two teams: one of the processes in the Security Detection team ingests the CloudMine data and leverages sophisticated static analysis tools to identify security vulnerabilities. Thus, PhD interns working in the intersection of these teams will have the opportunity to make fundamental contributions to a wide spectrum of computational problems: ranging from large scale data analysis, machine learning, static analysis, security and distributed systems.
  3. CodeQL is a rich Static Analysis solution that offers advanced capabilities such as data flow and control flow analysis across numerous languages. Today, given the complex nature of the analysis, CodeQL takes substantial time to analyze and produce results. Hence, we cannot execute CodeQL as a part of pull requests, instead, run CodeQL in nightly or weekly sessions. When we find new issues, we file work items and follow up with developers to triage and address them. The goal of this project is to explore new approaches on how to scale CodeQL analysis to primarily focus on changed code and significantly reduce the overall turn-around time for fixing the issues.
  4. Our inventory solution helps engineering teams map and classify their engineering resources (repositories, builds, releases) accurately to their services. Utilizing this inventory of resources, our policy-aware system can apply critical controls, such as minimum code reviewers count, on these engineering resources at scale, while managing drift. Our products are at the forefront of various security and compliance efforts at Microsoft. PhD interns in the space team will get the opportunity to build scalable and reliable solutions that improve Microsoft’s security and compliance posture and maintain our customer’s trust and satisfaction. Our team is also looking to expand the use of machine learning in identifying and remedying risks to our engineering systems, such as identifying anomalous actions and risk heat maps of teams and products and removing data inaccuracies in resource ownership and classification.