Principal Security Engineer

Microsoft · Big Tech · Redmond, WA +1 · Security Operations Engineering

Principal Security Engineer role focused on protecting Microsoft's critical cloud services by reducing systemic security risk in identity, tenant governance, and core infrastructure trust boundaries. The role involves designing enforceable security architectures, defining scalable policies and guardrails, partnering with engineering teams, and establishing proof mechanisms for continuous control effectiveness.

What you'd actually do

  1. Identify high-leverage security risks and trust seams affecting critical services, and translate them into clear, prioritized mitigation plans.
  2. Design enforceable security architectures and isolation patterns across identity, tenant/security boundaries, and adjacent infrastructure layers.
  3. Define security policies and guardrails that can be deployed safely at scale (phased rollout, validation gates, rollback strategy).
  4. Partner with engineering teams across organizations to land durable controls in production, reducing reliance on exceptions and manual processes.
  5. Establish proof mechanisms (telemetry/validation) to measure coverage, detect drift, and verify controls are continuously effective.

Skills

Required

  • One of the following:
      • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in the areas listed below
      • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in the areas listed below
      • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in the areas listed below
      • OR equivalent experience
  • Qualifying experience areas: software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response

Nice to have

  • security architecture and/or systems engineering for large-scale cloud or distributed systems
  • identity and access management (authN/authZ, RBAC/ABAC concepts, least privilege, credential/secrets lifecycle)
  • designing security controls that are enforceable (not just reviews/standards) and driving them into production with partner teams
  • written and verbal communication skills, including ability to influence senior technical stakeholders and drive decisions
  • depth in one or more infrastructure verticals (e.g., networking, compute, storage, engineering systems, supply chain/security of build and release)
  • building or operating policy/guardrail platforms (stable contracts/APIs, orchestration, deployment validation, drift detection)
  • incident-driven security improvements (translating real attack patterns into durable controls)
  • compliance-constrained or regulated cloud environments (e.g., sovereign/regional deployments) and how to maintain security posture under constraints

What the JD emphasized

  • enforceable security architectures
  • security policies and guardrails
  • deployed safely at scale
  • proof mechanisms
  • telemetry
  • validation