Principal Software Engineer

Microsoft, Redmond, WA

About The Position

Security is a critical priority for customers facing digital threats, regulatory scrutiny, and complex digital estates. Microsoft Security aims to make the world safer by reshaping security and empowering users, customers, and developers with end-to-end, simplified security solutions. The Microsoft Security organization drives the company's mission to secure digital technology platforms, devices, and clouds in diverse customer environments, as well as its own internal estate. The culture emphasizes a growth mindset, inspiring excellence, and encouraging teams to bring their best daily to create life-changing innovations. The opportunity is within Conditional Access, the real-time Zero Trust policy engine central to Microsoft Entra ID, processing every sign-in, token, and agent request across Microsoft's identity platform. The role involves evolving Conditional Access from a human-centric access control layer into a universal policy engine for users, workloads, and AI agents. The Principal Engineer will own the technical vision for how Conditional Access scales to meet the next generation of identity, including autonomous agents, continuous authorization, data-plane enforcement, and policy portability. Microsoft's mission is to empower every person and organization to achieve more, fostering a culture of inclusion built on respect, integrity, and accountability.

Requirements

  • Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

  • Deep expertise in distributed systems, high-performance runtime engines, or policy/rules engines operating at extreme scale
  • Strong background in identity, authentication, authorization, or security infrastructure — you understand OAuth2/OIDC, token semantics, and Zero Trust principles
  • Fluency in C# and large-scale .NET service development; experience with ESTS or equivalent identity platforms is a strong plus
  • Architectural leadership
      • Track record of defining and driving multi-year technical strategies that span teams and organizations
      • Ability to make pragmatic tradeoffs between architectural purity and shipping velocity — you know when to invest in the long-term and when to ship the 80% solution
      • Experience designing systems that evolve incrementally under production load with zero downtime

Responsibilities

  • Define the architecture for Conditional Access at identity-platform scale
      • Own the technical strategy for the CA evaluation engine — today processing millions of policy evaluations per second inside ESTS with sub-millisecond latency budgets
      • Design the next-generation policy model: portable, data-driven policies that evaluate at token-time and at the data plane (GSA, MISE, resource providers)
      • Drive convergence of token-time CA and Continuous Access Evaluation into a unified enforcement architecture
  • Lead the CA-for-Agents technical vision
      • Architect how CA evaluates agent identities as first-class actors — spanning OBO, S2S, CUA, and agentic chaining scenarios
  • Drive cross-org technical alignment
      • Partner with Identity Protection, Defender, Intune, Graph, GSA, and Azure networking to integrate risk signals, device posture, and network context into CA evaluation
      • Represent CA engineering in cross-IDNA architecture reviews, security design reviews, and partner alignment forums
      • Influence the ESTS roadmap for protocol-level changes required for agent governance (FIC, token exchange, CAE for OBO)
  • Raise the engineering bar
      • Set standards for safe rollout of policy evaluation changes in a Tier 0 service — feature flags, canary-first deployment, blast-radius analysis
      • Drive testability and validation strategy: policy correctness proofs, synthetic tenant replay, and agent-driven test automation
      • Mentor senior engineers across the CA and ESTS stack; build the technical bench for the team's next chapter
  • Embody our Culture and Values

Benefits

  • Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay