Principal Software Engineer

Overview

Azure Compute hosts form the security and reliability foundation for Microsoft's cloud. As a Principal Software Engineer, you will lead the design and delivery of security-critical platform capabilities that protect host machines, enforce trust boundaries, and reduce systemic risk across control plane, host OS, and hardware-adjacent layers.

As a Principal Software Engineer, you will collaborate with a global network of professionals to build and support workflows for Azure servers. This role combines deep technical leadership, cross-team influence, and hands-on architecture/design work. You will define solutions for complex, ambiguous security problems, drive execution across organizations, and ensure that what ships measurably improves Azure's security posture.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Lead the architecture and technical strategy for host and node security investments, including privileged execution controls, boundary hardening, and compromise detection.
• Design and drive platform-level security controls that prevent lateral movement, contain blast radius, and enforce least-privilege operations.
• Define and evolve agent governance and code integrity models, eliminating ungoverned execution paths across host and system components.
• Provide technical leadership for high-precision security detections, ensuring scalability, signal quality, and operational effectiveness.
• Drive improvements in secrets, identity, and certificate security, including secure provisioning, rotation, and credential scoping.
• Partner across Azure Compute, Host OS, Identity, and Hardware/Firmware teams to deliver cross-boundary security solutions.
• Mentor and grow senior engineer, raise the technical bar through design reviews, code reviews, and engineering standards.
• Guide teams through security incidents and root cause analysis, translating live-site learnings into durable architectural fixes.
• Influence roadmap and investment decisions using risk reduction, reliability impact, and measurable KPIs.

Qualifications

Required Qualifications:

• Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience.
• 6+ year(s) of experience in technical design, problem-solving, and debugging.
• 6+ year(s) of experience with architecting large system and seeing them to production

Other Qualifications:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Bachelor's Degree in Computer Science
  • OR related technical field AND 10+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, OR Python
  • OR Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience.
• Experience in Security Engineering, particularly host, OS, or platform security.
• Familiarity with:
  • Privileged Execution Controls
  • Boundary and isolation mechanisms
  • Attestation/Hardware Root of Trust
  • Detection and Telemetry Systems
• Experience designing security detections or anomaly-based monitoring at scale.
• Background in credential, secrets, or certificate lifecycle management.
• Experience operating large-scale production services and leading through live-site incidents.
• Ability to translate risk and compliance requirements into practical engineering solutions.

#Azurecorejobs

Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
;br>
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.