Principal Software Engineers
About The Position
We are looking for Principal Software Engineers who want to make a meaningful impact and move quickly alongside a collaborative team, building innovative agentic and software-security solutions, including Microsoft MDASH. This role involves working on systems that bridge the gap between source code and runtime, providing security teams with clear paths back to code that caused vulnerabilities and giving developers real-time insight into how their code behaves under attack. The team is new, building natively on Microsoft’s tech stack with deep integration across developer tools like GitHub, Visual Studio, and Azure. This is an opportunity to shape the future of AI and security, with the understanding that great software is built by people. The work directly impacts customers through the Defender product.
Requirements
- Bachelor’s Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
- Ability to meet Microsoft, customer, and/or government security screening requirements.
- Must pass the Microsoft Cloud background check upon hire/transfer and every two years.
Nice To Haves
- Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
- 4+ years of experience designing, building, and shipping production backend services, platforms, or data pipelines.
- 4+ years of experience with software supply chain security and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo), including dependency, vulnerability, or malware analysis.
- 4+ years of experience with program analysis techniques (e.g., static/dynamic analysis, sandboxing, deobfuscation, behavioral analysis) to understand code behavior.
- 4+ years of experience building or operating large-scale cloud-based scanning, detection, or data-processing pipelines (Azure preferred).
- 4+ years of experience with supply chain security standards (e.g., SBOM, SLSA, provenance, artifact signing) and integrating with CI/CD systems.
Responsibilities
- Design, build, and improve systems that enhance security across software supply chains and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo).
- Analyze dependencies, vulnerabilities, and potential malware to help ensure the integrity and safety of software components.
- Apply program analysis techniques (static, dynamic, sandboxing/detonation, deobfuscation, behavioral analysis) to better understand and assess code behavior.
- Develop and operate scalable cloud-based pipelines (Azure preferred) for large-scale scanning, detection, and data processing.
- Contribute to and uphold supply chain integrity practices, including SBOM, SLSA, provenance, and artifact signing (e.g., Sigstore).
- Collaborate on threat detection and security research, including malware and vulnerability analysis, within security-sensitive systems.
- Integrate security capabilities with developer tools and platforms such as GitHub, Visual Studio, and CI/CD systems.
- Partner cross-functionally with engineering, security, and product teams to improve secure development practices.
- Continuously evaluate and improve detection methods, tooling, and processes to adapt to evolving security threats.
Benefits
- Certain roles may be eligible for benefits and other compensation.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
