Principal Software Engineer - Security

The Intelligent Conversation and Communications Cloud (IC3) powers billions of real-time customer conversations in products across the Microsoft ecosystem (including Skype, Teams, and Dynamics) and third-party apps and experiences through Azure Communication Services. Our services are the foundation for reliable and high-quality audio/video calling, meeting, and messaging scenarios on desktop, mobile, web, and embedded endpoints. IC3’s mission is to make conversations more intelligent, creating best-in-class productivity tools for the modern workplace with the promise that every call, meeting, or chat makes the next one better.

Our team is seeking a Principal Software Engineer - Security to join our organization. This candidate will be passionate, self-motivated, and experienced in overall security aspects. This role is essential in building tools, processes, automation, and engineering infrastructure that empowers IC3 developers worldwide to create secure and compliant services trusted by both consumers and highly-regulated enterprises.

Our team's mission is to achieve "zero-click compliance" by automatically and continuously identifying and remediating compliance and security issues on behalf of service owners. We also strive to provide transparent data to service owners, security teams, and leadership on the state of our Azure services to minimize business risk.

As a small team of engineers, we are responsible for taking solutions from problem statement to prototype to internal product and potentially external product. Our work encompasses aspects of security, compliance, and site reliability. Our engineers enjoy vast autonomy, ownership of large-scale and high-impact projects, and the ability to make decisions that benefit the entire organization.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required/Minimum Qualifications

• Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Powershell or Python
  • OR equivalent experience.
• 3+ years of experience deploying and troubleshooting key security technologies across various platforms.
• 3+ years of experience working on services to design and implement secure architectures.

Additional or Preferred Qualifications 

• Experience with
  • massive-scale microservices architecture.
  • creating solutions for multiple operating systems and virtualization platforms.
  • detecting and fixing security violations across various platforms.
  • standards like Service Organization Control 2 (SOC2), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or Federal Risk and Authorization Management Program (FEDRAMP).
  • Azure's security and compliance frameworks and best practices.
  • automating security and compliance processes within Azure environments.
• In-depth knowledge of Azure services including Entra ID (formerly Azure Active Directory), application authentication, access policies, Azure Firewall, Network Security Groups (NSGs), and other Azure security tools.
• Familiarity with Azure's monitoring and logging tools, such as Azure Monitor and Azure Security Center.
• Proven ability to design and implement secure cloud architectures in Azure.

Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until June 19, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#M365

• Collaborate with geographically distributed teams across Microsoft (including IC3, Azure, and Office) and cross-functional disciplines (including developer, security, privacy, and compliance teams) to understand security, privacy, and compliance requirements for both our global consumer and enterprise offerings.
• Drive overall security initiatives across the IC3 organization by collaborating with upstream and downstream teams.
• Develop tools, processes, and architectures to help developers effortlessly meet security, privacy, and compliance requirements.
• Debug services and identify security vulnerabilities across various platforms.
• Assist service owners in onboarding and configuring their solutions to meet security standards.
• Assess the benefits of new security technologies and strategies to facilitate their secure adoption across the organization.
• Advocate for internal engineers and their experiences in building, continuously improving, and running secure services.
• Foster a data-focused culture and rhythm of business to systematically reduce risk.
• Work in a regulated environment and design compliance and security solutions.
• Transform incomplete, conflicting, or ambiguous inputs into solid plans.
• Make effective, data-driven trade-offs between competing business needs and between quick fixes and full-scale solutions.
• Design easy-to-use solutions for problems with complex constraints.
• Exhibit the ability to work cross-functionally in a global organization with diverse partners in different time zones.
• Mentor early in career team members to help them grow and develop their skills.
• Embody our Culture and Values