Principal Security Engineering Manager

Microsoft Microsoft · Big Tech · Redmond, WA +1 · Security Operations Engineering

Lead a team responsible for improving the security posture of production tenant environments through strong operational governance, risk reduction programs, and platform investments. This role focuses on building a disciplined execution engine, driving measurable improvements in isolation and application hygiene, and strengthening incident readiness and compliance-driven cloud buildouts within Microsoft's Cloud & AI organization.

What you'd actually do

  1. Lead a team that operates and improves production tenant security, driving consistent execution, governance, and hygiene across critical environments.
  2. Own end-to-end security risk program mechanics: intake → triage → prioritization → burn-down, with clear ownership, milestones, and measurable outcomes.
  3. Drive platform and operational improvements that reduce recurring misconfigurations, long-lived exceptions, and manual enforcement in production environments.
  4. Partner with engineering and security teams to strengthen isolation boundaries, reduce attack paths, and maintain durable security controls over time.
  5. Build and run incident readiness mechanisms (playbooks, coordination, post-incident follow-ups) to improve response effectiveness and reduce repeat issues.

Skills

Required

  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.
  • 1+ year(s) people management experience.

Nice to have

  • Deep technical knowledge of identity and access management (authN/authZ, RBAC/ABAC concepts, least privilege, credential/secrets hygiene) and how these controls are applied in real production environments.
  • Strong understanding of tenant security boundaries in large cloud platforms, including common failure modes (over-privilege, exception sprawl, misconfigured applications, weak isolation paths) and how to prevent drift over time.
  • Experience leading security programs/operations that translate risks into execution: clear prioritization, measurable burn-down plans, and durable operational mechanisms.
  • Strong understanding of tenant security boundaries in large cloud platforms, including common failure modes (over-privilege, exception sprawl, misconfigured applications, weak isolation paths) and how to prevent drift over time.
  • 6+ years leading security engineering/operations programs in large-scale cloud or enterprise environments, including people management experience.
  • Strong understanding of identity, access control, and security boundary/isolation concepts; comfortable engaging deeply with technical architecture and controls.
  • Proven ability to build operational rigor: prioritization frameworks, execution cadences, metrics, and partner accountability mechanisms.
  • Demonstrated experience influencing and driving outcomes across multiple teams with competing priorities.
  • Experience operating or governing security controls

What the JD emphasized

  • security screening requirements
  • Microsoft Cloud Background Check