Principal Software Engineers

Microsoft · Big Tech · Redmond, WA +1 · Software Engineering

Principal Software Engineers are sought to build innovative agentic and software-security solutions, focusing on closing the gap between source code and runtime security. The role involves designing, building, and improving systems for software supply chain security, analyzing dependencies and vulnerabilities, applying program analysis techniques, and developing scalable cloud-based pipelines. Integration with developer tools like GitHub and Visual Studio is key, as is contributing to supply chain integrity practices.

What you'd actually do

  1. Design, build, and improve systems that enhance security across software supply chains and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo).
  2. Analyze dependencies, vulnerabilities, and potential malware to help ensure the integrity and safety of software components.
  3. Apply program analysis techniques (static, dynamic, sandboxing/detonation, deobfuscation, behavioral analysis) to better understand and assess code behavior.
  4. Develop and operate scalable cloud-based pipelines (Azure preferred) for large-scale scanning, detection, and data processing.
  5. Contribute to and uphold supply chain integrity practices, including SBOM, SLSA, provenance, and artifact signing (e.g., Sigstore).

Skills

Required

  • Bachelor’s Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience

Nice to have

  • Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience
  • 4+ years of experience designing, building, and shipping production backend services, platforms, or data pipelines.
  • 4+ years of experience with software supply chain security and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo), including dependency, vulnerability, or malware analysis.
  • 4+ years of experience with program analysis techniques (e.g., static/dynamic analysis, sandboxing, deobfuscation, behavioral analysis) to understand code behavior.
  • 4+ years of experience building or operating large-scale cloud-based scanning, detection, or data-processing pipelines (Azure preferred).
  • 4+ years of experience with supply chain security standards (e.g., SBOM, SLSA, provenance, artifact signing) and integrating with CI/CD systems.

What the JD emphasized

  • Ability to meet Microsoft, customer, and/or government security screening requirements is required for this role.