Microsoft
Principal Software Engineer
Entry Level | On-site
Location: Redmond, WA
Salary: Not listed
Experience: Not specified
Posted: Today
Job Description
Overview
Microsoft 365 Intelligent Conversation and Communications Cloud (IC3) powers billions of real-time customer conversations every day across Microsoft Teams, Dynamics, Azure Communication Services, and third-party solutions.
The AEGIS team is the security and privacy backbone of IC3. Our mission is zero-click compliance — automatically identifying and remediating security and compliance risks at scale, so IC3 services stay resilient, trusted, and compliant for highly regulated industries and global enterprises. AEGIS is a centralized security engineering force embedding security-by-design across hundreds of microservices, acting as first responders to incidents, pen-test findings, and compliance gaps, while driving the Secure Future Initiative (SFI) and modern security controls across IC3. A growing part of our charter is building AI-driven, agentic security tooling — agents that detect vulnerabilities, continuously assess posture, triage findings, and drive (or auto-apply) remediation at cloud scale.
IC3’s security surface is expanding faster than our senior technical ownership capacity, creating a material risk to consistent execution. A Principal IC security role is needed to provide the architecture depth, review rigor, quality gates, compliance judgment, and partner alignment required to keep security standards consistent across services and platform initiatives. This role is the senior technical anchor for AEGIS — setting the bar for how IC3 designs, ships, and operates secure systems, and acting as the trusted authority partner teams across IC3 and M365 rely on for the hardest security and compliance calls.
As a Principal Software Engineer, you will own the multi-year technical strategy and architecture for AEGIS’s security platforms and AI agentic systems, raise the engineering and security bar across IC3 through design and code review, codify quality gates and SFI controls into reusable engineering systems, and drive alignment with security architects, MSRC, compliance, and service-owner leaders so that the security posture of IC3 advances as one program rather than dozens of disconnected efforts.
This position is based at the Redmond campus with 3 days per week work in the office and 2 days per week work from home. Relocation assistance is available.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Set the technical strategy and architecture for AEGIS — multi-service security platforms, AI agentic systems (agentic vulnerability detection, continuous assessment, triage, automated/recommended remediation), and the developer-facing surfaces hundreds of IC3 engineers depend on. Own the 12–24 month technical roadmap and trade-offs.
Provide architecture depth and review rigor across IC3 security work — lead design reviews, security reviews, and threat-model deep dives; act as the final technical reviewer on the most ambiguous, highest-risk designs; raise the bar without becoming a bottleneck.
Define and enforce quality gates — codify the policies, controls, telemetry, and pipeline checks (SFI waves, secure-by-default patterns, identity / network / data protections, container hardening, key management) that make consistent security execution the default across IC3 services.
Exercise compliance judgment — translate SOC 2, ISO 27001, GDPR, HIPAA, FedRAMP, DoD IL5, and Microsoft internal standards (SFI, S360) into concrete engineering requirements and automation; make the call when policy, business risk, and engineering reality conflict.
Drive partner alignment across IC3 and M365 — with security architects, MSRC, privacy, compliance, and service-owner leadership; resolve cross-team architectural disagreements; ensure SFI and incident-driven work lands as a coherent program, not isolated point fixes.
Apply AI/ML pragmatically and rigorously — set the architecture for agents that fuse service context, code signals, policy, and telemetry to reduce false positives, prioritize the highest-risk findings, and drive measurable remediation throughput; establish evaluation, safety, and human-in-the-loop patterns the rest of the org can adopt.
Own production posture and incident leadership — serve as a senior DRI, lead Sev 1/2 post-incident reviews, and ensure outcomes are durable engineering improvements, not one-offs.
Grow the bench — mentor senior and mid-level engineers, sponsor stretch work, contribute to hiring and calibration, and model inclusive, data-driven engineering culture.
Communicate with leadership — write the technical narratives, briefs, and reviews that align L3/L4 partners and executive stakeholders on direction, risk, and investment.
Qualifications
Required Qualifications:
Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
OR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
OR Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
OR equivalent experience.
6+ years of experience designing, shipping, and operating production cloud or large-scale distributed services (Azure, AWS, or GCP).
4+ years of demonstrated experience in security, trust, or compliance engineering — secure design, threat modeling, authN/authZ, secrets and key management, network and data protection, vulnerability management, or incident response.
Proficiency in one or more modern languages such as C#, Python, Go, or Java, with a track record of personally shipping and operating production code.
Demonstrated track record of technical leadership without formal authority — leading multi-team designs, raising the bar via review, and influencing peer principals and architects.
Demonstrated experience architecting and shipping platform / multi-service systems end-to-end with measurable, business-visible outcomes (risk reduction, MTTR, coverage, developer adoption).
Hands-on experience applying AI / ML or LLM-based agentic systems to engineering or security problems — vulnerability detection, triage, code analysis, anomaly detection, developer copilots — including evaluation, safety, and human-in-the-loop design.
Deep familiarity with cloud-native security controls at scale: managed identity, Key Vault / HSM, network isolation, container and Kubernetes hardening, policy-as-code, secure SDLC.
Solid working knowledge of compliance and regulatory frameworks — SOC 2, ISO 27001, GDPR, HIPAA, FedRAMP, DoD IL5 — and a track record of encoding them into engineering automation and quality gates.
Mature DevSecOps practice: CI/CD, infrastructure-as-code (Bicep, Terraform), observability/telemetry, shift-left tooling, and policy / control automation.
Track record of mentoring senior engineers and influencing principal-level peers and architects across organizational boundaries.
Experience leading Sev 1/2 incident response and converting incidents into durable engineering programs.
Excellent written and verbal communication — able to align executives, peer principals, partner teams, and customers on complex technical and risk trade-offs.
#IC3 Platform
Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $142,800.00 - $274,800.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000.00 - $304,200.00 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Insights from previous hires
Top skills: Amazon Web Services (AWS), Apache Kafka, C++, Apache, Amazon Elastic Compute Cloud, Algorithms, Science, Python, MySQL, Microsoft Azure
Common previous titles: Software Engineer II, Software Engineer, Senior Software Engineer, Engineer, Senior Software Engineer Manager, Senior Data Scientist, Solution Engineer, Senior Scientist, Principal Software Engineer, Principal Manager