Senior Product Manager - CoreAI

Microsoft•Redmond, WA

About The Position

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. The 1ES (One Engineering System) team as are part of CoreAI is at the forefront of ensuring secure, compliant, and resilient engineering practices across Microsoft. We are seeking a Senior Product Manager - CoreAI to lead our Software Supply Chain Security initiatives, with a focus on AI‑assisted remediation of security risks. This role is critical to safeguarding Microsoft’s engineering ecosystem, ensuring compliance with emerging regulations such as the EU Cyber Resilience Act (CRA), and advancing the company’s leadership in secure software development practices.

Requirements

Bachelor's Degree AND 5+ years experience in product/service/program management or software development OR equivalent experience.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

4+ years of product management experience in security, compliance, or developer tooling domains.
Domain knowledge of software supply chain security, including risks associated with open source package consumption.
Hands‑on experience with AI models applied to security risk detection and remediation.
Understanding of DevOps lifecycle and modern engineering practices.
Track record of delivering complex, cross‑company initiatives with measurable impact.
Communication and collaboration skills, with the ability to influence senior stakeholders across engineering and compliance.
Experience of using and managing security aspects of MCP servers.
Experience working with or contributing to open-source ecosystems (NuGet, NPM, PyPI, Maven, Cargo, Go).
Familiarity with global regulatory frameworks, especially EU Cyber Resilience Act (CRA).
Technical background (Computer Science, Engineering, or related field).

Responsibilities

Drive product vision and strategy for software supply chain security within 1ES, specifically for securing AI agents, MCP servers, and ensuring alignment with Microsoft’s compliance and security goals.
Lead AI‑assisted risk remediation across Microsoft repositories, defining requirements and guiding engineering execution.
Develop deep insights into open source consumption patterns, specifically across NuGet, NPM, PyPI, Maven, Cargo, and Go ecosystems, to inform risk mitigation strategies.
Collaborate across engineering, security, compliance, and legal teams to ensure solutions meet both technical and regulatory requirements.
Define success metrics and outcomes, track progress, and iterate based on data‑driven insights.
Champion secure DevOps practices, integrating supply chain security into the full lifecycle of software development.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume