Overview
Microsoft has an exciting opportunity for a Software Engineer in the Cloud+AI Silver Team. This team will be responsible for deploying and operating a Secure Work Area, including the infrastructure for collaboration within an airgapped environment.
In this role, you will have the opportunity to work with engineers who enable a broad set of Azure services to be consumed by internal and external customers in highly secured and regulated industries. The systems and software you build will be required to meet the security policy and assurance requirements of both public and private sector customers.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
AI-Native Development
- Uses appropriate artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC) in a disciplined manner. Takes responsibility for the content of their AI-generated changes to artifacts, reviewing all changes and applying appropriate tooling and processes with minimal guidance.
Coding
Supports efforts to use debugging, tests, tools, logs, telemetry, and other methods to proactively verify assumptions before issues occur for product features in production. Conducts incident retrospectives to identify root causes of problems, implements repair actions, and identifies mechanisms to prevent incident recurrence with minimal supervision. Under minimal guidance, applies least-access principles, and uses logging, telemetry, and other appropriate mechanisms to investigate issues while retaining privacy and security.
Reviews product feature code and test code to ensure it meets team standards, contains the correct test coverage, and is appropriate for the product feature. Contributes to bringing insight to code reviews to help improve code quality, coaching and providing feedback to develop other engineers' skills with minimal guidance. Contributes to code reviews in a timely fashion that helps accelerate the pace of development on the team. Considers diagnosability, reliability, testability, and maintainability when reviewing code and understands when code is ready to be shared or delivered. Applies and reviews for coding patterns, security risks, compliance issues, and best practices in code reviews. Uses automated source code analysis tools that are incorporated into the build/development process with minimal supervision.
Creates and implements code for a product, service, or feature, reusing code as applicable with minimal supervision. Writes and learns to create code that is extensible and maintainable. Considers diagnosability, reliability, and maintainability with few defects, and understands when the code is ready to be shared and delivered. Applies coding patterns and best practices to write code (e.g., leveraging state-of-the-art generative artificial intelligence [GenAI], approaches to source code organization, naming conventions). Escalates identified blockers or unknowns during the development process, communicates how they will impact timelines, and contributes to identifying strategies and/or opportunities to address them with minimal supervision.
Design
Understands and provides feedback for proposals for architecture, with technical leadership from others. With minimal supervision, tests and explores various design options for a product/solution feature, outlining strengths and weaknesses of each option. Collaborates with architects with minimal supervision to build and modify a product/solution feature, providing feedback as needed. Begins to own or collaborate with other engineers on the architecture of solutions, following technical leadership as applicable. Contributes to the development of design documents that support user stories and other product requirements with oversight. Develops an awareness of the current technology landscape. Escalates and shares findings from investigations with the team and owns some design decisions. Helps to ensure system architecture and individual designs meet performance, scalability, resiliency, cost of goods sold (COGS), and other requirements and expectations. Upholds Microsoft standards of security, privacy, and other compliance requirements and expectations. Understands the importance of building solutions that expand upon the work of others. Contributes to the refinement of product features by escalating findings from analyses to inform decisions regarding the engineering of products.
Creates a clear test strategy that ensures solution quality, prevents regression from being introduced into existing code with minimal supervision. Executes test plans that incorporate security testing to validate security invariants (including negative cases) with minimal supervision. Adds new tests to cover gaps, deleting or fixing broken tests, improving the speed, reliability, and defect localization of tests in the feature area. Builds testable code and considers testability during design for a set of features with minimal guidance. Understands the different types of tests that can be done on a particular system (e.g., unit tests), and maintains up-to-date understanding of testing architectures used both across Microsoft and across the industry. Leverages artificial intelligence (AI) tools for test automation with minimal supervision.
Contributes to identifying dependencies, and incorporates them into the development of design documents for a product area with little oversight. Helps to actively identify other teams and technologies to leverage, how they interact, and where their own system or team can support others. Understands downstream interactions between systems. Contributes to collaborating with other teams to reach common goals where dependencies and validation concerns overlap.
Engineering Excellence
Contributes to the identification of requirements for, and development of automation within production and deployment of a complex product feature, targeting zero-touch deployment when possible. Runs code in simulated, or other non-production environments to confirm functionality and error-free runtime for products with little to no oversight.
Applies best practices to build code based on well-established methods and secure design principles while also applying best practices for new code development and formal validation of security invariants. Follows best practices for product development and scaling to customer requirements, and applies best practices for meeting scaling needs and performance expectations and security promises.
Builds knowledge, shares new ideas, and shares pinpoints of engineering tool gaps to improve software developer tools to support easier, faster, and more effective software engineering for complex product features. Identifies whether open source or internal code is available to address coding needs for a set of product features, and reuses it in a responsible manner where applicable. Develops higher-level awareness of tools outside current areas of expertise. Helps to identify and/or create tools that are useful for building the product, determining if methods are still applicable for the current solution.
Understands and applies security best practices and establishes code invariants to model "security as code," ensuring each layer is independently secure, and minimizing risk with minimal supervision. Adopts security standards for clear security code review practices for a set of product features that align with design and engineering principles to raise the security hardening for both protections and detections. Contributes to incorporating deployment gates on security controls, and scanners for a set of product features to prevent regressions and/or vulnerabilities that would have customer impact. Includes required security monitoring to ensure detection of violations with minimal guidance. With minimal supervision, works with relevant security partners to define security promises and security invariants while factoring in attacker/investigator personas for security monitoring and telemetry needs, ensure threat models and premortems validate upstream and downstream assumptions and security invariants, establish security breach drills and security incident response processes (e.g., impact analysis, containment), and ensure that artificial intelligence (AI) safety features are implemented for the AI production systems tied to a set of product features.
Contributes to efforts to ensure the correct processes are followed to achieve a high degree of security, privacy, safety, and accessibility. Checks for visible evidence (e.g., audit trail) to demonstrate compliance for product areas. Develops and holds an understanding of the implications of onboarding new technologies following expectations of compliance at Microsoft. Demonstrates and maintains an up-to-date understanding of both global and local regulations for technologies and system applications to ensure regulations are met.
Works with partner teams to ensure a set of product features work well with the components of the partner team with minimal supervision, contributing to efforts to ensure proper end-to-end testing, live-site coverage, scalability, performance, and DRI escalation pathways are established before going live.
Remains current in skills by investing time and effort into being informed of current developments that will improve the availability, reliability, efficiency, observability, and performance of products while also driving consistency in monitoring and operations at scale. Conducts learning and literary sessions to raise awareness on relevant engineering design principles (e.g., security, testability, performance, scalability, accessibility, product knowledge) with minimal guidance.
Implement
Reviews work items to deepen knowledge of product features in partnership with appropriate stakeholders (e.g., technical program managers) and executes project plans, release plans, and work items. Contributes to efforts to break down larger work items into smaller work items and providing estimation. Escalates issues that might cause a delay. Ensures required security protections and detection processes are accounted for in planning with minimal guidance. Contributes to ensuring project plans adhere to security, privacy, and compliance requirements. Ensures all code for a set of product/solution features is properly flighted for quicker mitigation of production incidents with minimal supervision. Calculates capacity for planning, accounting for appropriate failover and backup/restore mechanisms for disaster recovery for a set of features with minimal guidance. Makes considerations for efficient operation of a set of features after it is live with minimal supervision. Contributes to establishing a rollback plan for a set of features.
Learns about and supports deployment to customers by following the correct measures to push features out to customers. Follows safe change deployment practices (e.g., ensuring that flights are set correctly) for their team to minimize adverse impact to users and other services with managerial guidance. Learns about and applies best practices for the deployment of features safely with managerial oversight and/or guidance from more experienced peers. Contributes to monitoring dependency status and ensuring that only the latest, secure versions are deployed. Identifies when rollback plans should be enacted for a product feature with direct supervision. Contributes to building deployment infrastructure to allow developers' private builds for a product feature to be tested in a production-like environment.
Leveraging internal experimentation infrastructures, conducts experiments that determine the impact of changes, using feature flags/flighting in their code. Collaborates with internal partners (e.g., Data Science, product managers) to incorporate success and guard rail metrics for experimentation with minimal guidance.
Reliability and Supportability
Maintains operations of live site service, following security best practices when responding quickly to mitigate issues while using the minimum required permissions to do so that arise on a rotational, on-call basis. Identifies solutions and mitigations to simple issues and complex issues when applicable impacting performance or functionality of live site services and escalates appropriately. With minimal supervision, improves troubleshooting guides (TSGs), wikis, tests, and telemetry to make on-call better, and recommends user-facing support documentation and additional test coverage to reduce likelihood of future user-initiated incidents. Contributes to enabling secure operations, security monitoring, and integration with live site investigation activities with minimal oversight. Identifies and proposes opportunities (e.g., lunch talks, automation, practices, tools) that can be leveraged to improve the live site experience with minimal guidance.
Identifies areas to contribute to efforts to integrate logging and instrumentation for gathering telemetry data on system behavior such as performance, reliability, availability, usage, and safety mechanisms, and for allowing monitoring and investigating security-related concerns and scenarios for both live and A/B experiments for products, services, and offerings. Leverages telemetry feedback and effectiveness to contribute to improving subsequent monitoring designs with minimal guidance. Contributes to efforts to classify, and analyze data with little oversight on a range of metrics (e.g., health of the system, where bugs might be occurring), and helps to create outputs (e.g., notifications, dashboards) that improve monitoring and investigating security-related concerns and scenarios, system monitoring and/or issue identification and mitigation. Considers the privacy implications of telemetry code changes, and adding new data points with minimal guidance.
Acts as a designated responsible individual (DRI), working on-call to monitor a system/product feature/service for degradation, downtime, or interruptions. Alerts stakeholders as to the status and gains approval to restore system/product/service for simple problems. Responds within service level agreement (SLA) timeframe. Escalates issues to appropriate owners.
Understand User Requirements
- Works with appropriate internal stakeholders (e.g., product manager, privacy/security subject matter expert, technical lead) to understand and determine customer/user requirements for a set of features. Incorporates customer insights into future designs or solution fixes with minimal supervision. Incorporates unwritten requirements, such as appropriate continuous feedback loops that measure actionable, quantitative (e.g., customer value, usage patterns, solution performance) and qualitative (e.g., accessibility, globalization) indicators of value. Understands, and begins providing feedback on, and advocating for the security and privacy needs of the customer who will be using the set of features.
Qualifications
Required/minimum qualifications
Bachelor's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
Other Requirements:
**Security Clearance Requirements: **Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required pre-offer and post-hire for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government clearance.
Preferred qualifications
Master's Degree in Computer Science or related technical field AND 3+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR Bachelor's Degree in Computer Science or related technical field AND 5+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
Software Engineering IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about **requesting accommodations.**