Principal Security Engineer - MSC STORM

Overview

We’re looking for experienced and driven principal security professionals to join our STORM security research group and help shape the security posture of Microsoft Specialized Cloud systems from the ground up. As part of our mission to embed security into all the development phases, you’ll lead design reviews, threat modeling, and security assessments across a wide range of technologies - from OS internals and virtualization to cloud platforms, containerized environments, and application security.

This is a high-impact role for security professionals who thrive on technical depth, cross-team collaboration, and influencing secure design at scale.

Responsibilities

• Lead security design and architecture reviews as well as threat modeling engagements for complex systems.
• Identify architectural vulnerabilities and guide engineering teams towards secure design patterns.
• Collaborate with security teams to identify vulnerabilities and embed security early in the product lifecycle.
• Communicate findings clearly to both technical and non-technical stakeholders.
• Drive security hardenings and security-driven redesign to improve security posture.
• Mentor engineers and promote a culture of security-first thinking.
  
  

Qualifications

• Expertise structured threat modeling and architectural risk analysis.
• Deep knowledge in one or more of the following:
• Operating System internals (Windows/Linux), memory management, and secure boot.
• Virtualization, Cloud Architecture, and Container security.
• Application Security principles and secure software development practices across microservices, APIs, and distributed systems
• Cloud-native services and their security implications (e.g., identity, secrets management, service mesh, serverless).
  
  

Preferred

• Strong sense of Responsibility and Leadership skills.
• Excellent communication skills - able to articulate complex security issues clearly and persuasively.
• Proven ability to lead cross-functional engagements and influence product teams.
• Analytical mindset with a “learn-it-all” attitude and strong problem-solving skills.
• Comfortable navigating ambiguity and organizational complexity.
  
  

Experience & Impact

• 10+ years in security engineering, architecture, or related roles.
• Demonstrated success in leading security reviews or threat modeling for large-scale systems.
• Prior experience in driving and managing internal security initiatives and integrating Secure Development Lifecycle (SDLC) concepts.
• Track record of identifying and mitigating vulnerabilities in OS, cloud, or infrastructure components.
• Proficiency in secure coding and code reviews.
• Familiarity with fuzzing and exploitation techniques.
  
  

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.