Job Description
Do you see software development as both a craft and an art? Are you the kind of engineer who looks at a problem, sees a path forward, and wants to build it, fast, thoughtfully, and with quality? If so, keep reading…
We're looking for Principal Software Engineers who want to make a meaningful impact and move quickly alongside a collaborative team, building innovative agentic and software-security solutions, including Microsoft MDASH.
Here’s what you’ll be working on:
On one end of the development spectrum sits source code, the human-readable logic developers create, review, and commit. On the other end sits the runtime: compiled binaries, running processes, and applications executing in production.
Today, these worlds are largely disconnected. Security teams can identify vulnerabilities in running applications without a clear or fast path back to the code that caused them. Developers often lack real-time insight into how their code behaves under attack. Closing that gap is one of the most important unsolved challenges in security.
We’re a new team forming now, building natively on Microsoft’s tech stack, with deep integration across the tools developers already use and rely on, including GitHub, Visual Studio, Azure, and more. MDASH is our first step. There’s much more ahead.
And to be clear, while we’re helping shape the future of AI and security, this job description isn’t AI-generated. It was written intentionally, because this work is about people. Great software is built by people, and it’s people who make Microsoft a great place to work.
There are very few places where an individual engineer’s code can directly impact customers. Defender is one of them.
If you enjoy building, care about solving meaningful problems, and want to work with people who are equally passionate, let’s talk.
Responsibilities
- Design, build, and improve systems that enhance security across software supply chains and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo).
- Analyze dependencies, vulnerabilities, and potential malware to help ensure the integrity and safety of software components.
- Apply program analysis techniques (static, dynamic, sandboxing/detonation, deobfuscation, behavioral analysis) to better understand and assess code behavior.
- Develop and operate scalable cloud-based pipelines (Azure preferred) for large-scale scanning, detection, and data processing.
- Contribute to and uphold supply chain integrity practices, including SBOM, SLSA, provenance, and artifact signing (e.g., Sigstore).
- Collaborate on threat detection and security research, including malware and vulnerability analysis, within security-sensitive systems.
- Integrate security capabilities with developer tools and platforms such as GitHub, Visual Studio, and CI/CD systems.
- Partner cross-functionally with engineering, security, and product teams to improve secure development practices.
- Continuously evaluate and improve detection methods, tooling, and processes to adapt to evolving security threats.
Qualifications
Required Qualifications
Bachelor’s Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
OR equivalent experience
Other Requirements
Ability to meet Microsoft, customer, and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years
Preferred Qualifications
- Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
- OR Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
- OR equivalent experience.
- 4+ years of experience designing, building, and shipping production backend services, platforms, or data pipelines.
- 4+ years of experience with software supply chain security and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo), including dependency, vulnerability, or malware analysis.
- 4+ years of experience with program analysis techniques (e.g., static/dynamic analysis, sandboxing, deobfuscation, behavioral analysis) to understand code behavior.
- 4+ years of experience building or operating large-scale cloud-based scanning, detection, or data-processing pipelines (Azure preferred).
- 4+ years of experience with supply chain security standards (e.g., SBOM, SLSA, provenance, artifact signing) and integrating with CI/CD systems.
Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $142,800 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.