Principal Security Engineer

Microsoft•Redmond, WA

About The Position

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. The IAMProtect team protects Microsoft’s most critical cloud services by reducing systemic security risk in the layers that matter most - identity, tenant governance, and core infrastructure trust boundaries. The Trusted Computing Base (TCB) represents the highest-impact set of services and trust seams where small gaps can create disproportionate blast radius. The Principal Security Engineer role is for a hands-on systems architect who can turn ambiguous risk into enforceable controls, drive adoption across engineering organizations, and make security provable in production through clear validation and telemetry. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Requirements

Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.
Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

8+ years in security architecture and/or systems engineering for large-scale cloud or distributed systems.
Strong technical depth in identity and access management (authN/authZ, RBAC/ABAC concepts, least privilege, credential/secrets lifecycle).
Demonstrated experience designing security controls that are enforceable (not just reviews/standards) and driving them into production with partner teams.
Strong written and verbal communication skills, including ability to influence senior technical stakeholders and drive decisions.
Depth in one or more infrastructure verticals (e.g., networking, compute, storage, engineering systems, supply chain/security of build and release).
Experience building or operating policy/guardrail platforms (stable contracts/APIs, orchestration, deployment validation, drift detection).
Experience in incident-driven security improvements (translating real attack patterns into durable controls).
Familiarity with compliance-constrained or regulated cloud environments (e.g., sovereign/regional deployments) and how to maintain security posture under constraints.

Responsibilities

Identify high-leverage security risks and trust seams affecting critical services, and translate them into clear, prioritized mitigation plans.
Design enforceable security architectures and isolation patterns across identity, tenant/security boundaries, and adjacent infrastructure layers.
Define security policies and guardrails that can be deployed safely at scale (phased rollout, validation gates, rollback strategy).
Partner with engineering teams across organizations to land durable controls in production, reducing reliance on exceptions and manual processes.
Establish proof mechanisms (telemetry/validation) to measure coverage, detect drift, and verify controls are continuously effective.
Produce crisp technical artifacts (reference architectures, decision docs, implementation guidance) that unblock execution and scale adoption.