Principal Security Operations Engineer Lead
Microsoft
Principal Security Operations Engineer Lead
Redmond, Washington, United States
Save
Overview
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
The IAM Protect team secures Microsoft’s most critical cloud services by reducing risks in the Trusted Computing Base (TCB). We focus on identifying adversary tactics and breach paths, driving structured risk burndown, and ensuring critical telemetry is consistently available for detection and response.
We are hiring a Principal Security Operations Engineer Lead to spearhead risk burndown initiatives across our most mission-critical services and build a cutting-edge center of excellence around the Secure Future Initiative (SFI) program's Protect Tenants and Isolate Production Systems (TI) pillar.
In this role, you will lead a high-impact team that blends deep technical expertise with tactical execution. The ideal candidate will havve a security engineering background with hands-on technical depth, combined with the program management and people management skills to coordinate across engineering teams, prioritize risk reduction, and deliver durable outcomes at scale. You will shape how we quantify and mitigate top risks, while driving impactful KPIs across Microsoft. This role is both technical and strategic - perfect for someone who thrives at the intersection of security operations, data, and engineering.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Qualifications
Minimum Qualifications:
- Master's Degree in Statistics, Mathematics, Computer Science or related field OR 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, security operations center (SOC) detection, threat analytics, security incident and event management (SIEM), and information technology (IT) operations.
- 3+ years people management experience.
- 7+ years of experience in security engineering, security operations, or technical program management with a focus on large-scale, cloud or enterprise environments
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
- Doctorate in Statistics, Mathematics, Computer Science or related field OR 9+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
- 5+ years people management experience.
- 2+ years leading a security function (e.g., Security Operations Center [SOC], threat and vulnerability management [TVM]).
- 2+ years experience leading multi-disciplinary teams.
- CISSP CISA CISM SANS GCIA GCIH OSCP Security+
- Experience building automated solutions for vulnerability management, threat detection, and security configuration drift.
- Understanding of security graph models, adversary techniques, attack path analysis, or breach path quantification, with an attacker mindset to identify weak links in the services/systems before adversaries exploit them.
- Hands-on experience with automation of telemetry/logging pipelines to validate security coverage at scale.
- Demonstrated expertise in identity, secrets, or infrastructure security, with hands-on experience reducing risk through technical controls, policy enforcement, or automation.
- Experience with AI/ML in security contexts, such as anomaly detection, predictive modeling, or triaging security signals using large datasets.
- Ability to translate complex technical risk into prioritized plans of action and measurable outcomes.
- Proven track record of driving cross-team initiatives across engineering, security, and operations organizations.
- Experience with data analysis and reporting, using telemetry, logs, or metrics to inform decisions and measure progress.
- Proficiency in Kusto/KQL and the ability to design and build tooling that scales across environments and teams.
Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until October 31, 2025.
Responsibilities
• Manage and retain direct reports that deliver results that measurably improve the security of Microsoft Services
• Brings clarity, creates energy, and drives results – sets the vision, rallies the team behind it, and helps deliver on the projects.
• Investigate security incidents, help contain threats, and provide technical support for high-impact response efforts.
• Partner across engineering and security teams to coordinate cross-team efforts, resolve blockers, and accelerate progress on high-impact initiatives.
• Apply a data-driven approach to define, track, and report risk metrics, giving leaders clear visibility into progress and gaps.
• Serve as a technical advisor and mentor to security engineers, sharing best practices for automation and secure-by-design patterns.
• Drive automation and efficiency by improving pipelines, validation frameworks, and onboarding flows to reduce manual effort.
• Gain exposure to the most sensitive services and systems, working at the intersection of security operations, engineering, and executive decision-making with direct impact on Microsoft’s cloud security posture.