Senior Software Engineer
Microsoft
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions.
As a Senior Security Software Engineer in the SIGMA security engineering team, you will have an opportunity to contribute your deep technical leadership and problem-solving skills while leading a team of engineers working on the security of the underlying platform, code and infrastructure of many Microsoft products used by millions of customers.
You will define and drive security architecture and strategy across large-scale platforms and services. You are a recognized authority in security engineering, operating at the intersection of cloud, AI, and offensive and defensive security. This role requires setting long-term direction for secure automation, AI-assisted security systems, and continuous security assurance while enabling engineering teams to move fast without compromising trust.
You will influence security architecture across multiple organizations, guide investments in security capabilities, and ensure that security solutions are scalable, auditable, and aligned with Microsoft’s commitment to customer trust.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
- Define and lead security architecture for complex, large-scale platforms and shared services, including AI assisted security systems, threat modelling frameworks, and penetration testing orchestration.
- Set long term security strategy that balances security rigor, engineering velocity, and customer trust across multiple products and services.
- Establish standards and patterns for continuous security assurance, attack-surface intelligence, and automated threat modeling.
- Act as a trusted security advisor to senior engineering leaders, influencing roadmaps, architectural decisions, and cross team engineering practices.
- Partner with AI platform, cloud infrastructure, red team, blue team, and compliance organizations to ensure cohesive, end-to-end security outcomes.
- Mentor junior engineers, raising the technical and architectural bar across teams.
- Represent security architecture in high-impact design reviews, executive discussions, and strategic customer engagements.
- Research, develop, and deploy mitigations for recurring vulnerability patterns.
- Conduct security testing, research, and analysis activities.
Qualifications
- Bachelor’s degree in Statistics, Mathematics, Computer Science, or a related field, with experience in the software development lifecycle, large-scale computing, modelling, cybersecurity, and/or anomaly detection.
- More than 7 years of hands-on experience as a Security Researcher and/or Security Engineer designing, building, and operating large-scale enterprise security services solutions using cloud services, C#, .NET, or Java.
- Strong understanding of common software vulnerabilities (e.g., OWASP Top 10, CWE Top 25) in languages such as C#, JavaScript/HTML, C++, and C.
- Deep knowledge of software security principles, including authentication, authorization, and encryption.
- Proficiency in coding, debugging, and root cause analysis of vulnerabilities in cloud services, DevOps platforms, and AI systems.
- Deep expertise in threat modelling, attack path analysis, penetration testing concepts and practices, and secure automation.
- Strong understanding of Azure or large-scale cloud environments, including identity, networking, compute, and service to service security.
- Experience designing systems that incorporate AI/LLMs in security sensitive workflows with strong governance, auditing, and safety controls.
- Demonstrated ability to influence across teams and organizations without direct authority.
- Excellent communication skills, with the ability to explain complex security trade-offs to technical and nontechnical stakeholders.
Preferred Qualifications
- Experience building or operating continuous security assurance platforms or large‑scale security orchestration systems.
- Background in offensive security, red teaming, or advanced penetration testing.
- Proficient in cloud platforms such as Microsoft Azure (preferred), AWS, or GCP.
- Public track record of vulnerability research and discovery.
- Familiarity with modern security models such as OAuth and token-based authentication and experience delivering production-grade software or services.
- Recognized thought leadership in security architecture, whether through internal contributions, standards development, or industry engagement.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.