The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The IAMProtect team protects Microsoft’s most critical cloud services by reducing systemic security risk in the layers that matter most - identity, tenant governance, and core infrastructure trust boundaries. The Trusted Computing Base (TCB) represents the highest-impact set of services and trust seams where small gaps can create disproportionate blast radius. The Principal Security Engineer role is for a hands-on systems architect who can turn ambiguous risk into enforceable controls, drive adoption across engineering organizations, and make security provable in production through clear validation and telemetry.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

• Identify high-leverage security risks and trust seams affecting critical services, and translate them into clear, prioritized mitigation plans.
• Design enforceable security architectures and isolation patterns across identity, tenant/security boundaries, and adjacent infrastructure layers.
• Define security policies and guardrails that can be deployed safely at scale (phased rollout, validation gates, rollback strategy).
• Partner with engineering teams across organizations to land durable controls in production, reducing reliance on exceptions and manual processes.
• Establish proof mechanisms (telemetry/validation) to measure coverage, detect drift, and verify controls are continuously effective.
• Produce crisp technical artifacts (reference architectures, decision docs, implementation guidance) that unblock execution and scale adoption.

Required Qualifications:

• Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR equivalent experience.

Preferred Qualifications:

• 8+ years in security architecture and/or systems engineering for large-scale cloud or distributed systems.
• Strong technical depth in identity and access management (authN/authZ, RBAC/ABAC concepts, least privilege, credential/secrets lifecycle).
• Demonstrated experience designing security controls that are enforceable (not just reviews/standards) and driving them into production with partner teams.
• Strong written and verbal communication skills, including ability to influence senior technical stakeholders and drive decisions.
• Depth in one or more infrastructure verticals (e.g., networking, compute, storage, engineering systems, supply chain/security of build and release).
• Experience building or operating policy/guardrail platforms (stable contracts/APIs, orchestration, deployment validation, drift detection).
• Experience in incident-driven security improvements (translating real attack patterns into durable controls).
• Familiarity with compliance-constrained or regulated cloud environments (e.g., sovereign/regional deployments) and how to maintain security posture under constraints.

Security Operations Engineering IC5 - The typical base pay range for this role across the U.S. is USD $142,800 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.