GRC Senior Security Engineer

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world."

We are looking for a GRC Senior Security Engineer to join our team and help strengthen trust with customers while enabling the business to move quickly and responsibly. This role is ideal for someone who enjoys working across functions, evaluate security risks including technical concepts, hands-on experience working with or implementing security controls, and acting as a connector between teams. You will engage directly with customers and internal stakeholders to support security and compliance discussions, contribute to architecture reviews, provide detailed input on contract and customer documentation while helping to deliver clear, consistent messaging around risk, controls and commitments. The right candidate brings subject matter expertise in security, a strong understanding of core principles and frameworks, and the ability to adapt in a fast-paced, evolving environment. Success in the role means being a trusted partner - someone who can balance business priorities with sound technical and expert judgement, who communicates well across disciples, and who thrives on collaborative problem-solving.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities:

• Serve as a primary security and privacy liaison for both pre- and post-sales engagements while owning internal delivery and cross-team execution of security commitments, collaborating with Sales, Sales Support, Legal, and Engineering to address customer security and compliance concerns.
• Lead the completion of customer security questionnaires, RFPs, RFIs, and due diligence assessments, ensuring timely and accurate responses.
• Participate in customer meetings and calls to explain security architecture, data protection practices, and compliance posture.
• Support contract negotiation and redline security terms.
• Manage customer-facing audits and assurance engagements, including evidence preparation, documentation, and on-site/virtual support.
• Evaluate technical security controls and processes to ensure compliance with Microsoft and industry standards
• Act as a controls and compliance subject matter expert to the business, providing guidance and to internal teams
• Identify risks through assessment and collaborate with business stakeholders to develop and track remediation plans
• Facilitate remediation of identified risks in collaboration with stakeholders.
• Collaborate with engineering teams to integrate security controls into system and application designs.
• Provide technical assurance for new and existing solutions, ensuring robust authentication, authorization, data protection, and monitoring capabilities.
• Act as a key point of contact for security incidents, coordinating response efforts and customer communications.
• Ensure timely triage, investigation, and resolution of customer-reported issues.
• Act as a bridge between Security, Engineering, Legal, and Sales teams to ensure consistent messaging and alignment on customer commitments.
• Provide security guidance to internal teams, including Sales, Engineering, and Sales Support.
• Maintain and share security documentation, FAQs, and best practices to support consistent messaging and enablement.
• Drive automation and workflow improvements across security processes, including leading implementation with internal tooling or partners.
• Build and maintain strong, trust-based relationships with customers and key internal/external stakeholders by acting as a reliable security advisor, understanding their business needs, and proactively addressing concerns.
• Document and standardize security and compliance responses, workflows, and reference materials to support internal scalability

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Embody our culture and values

Qualifications:

Required/minimum qualifications

Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience.

• Analytical skills - Ability to assess customer requirements, technical report and interpret industry regulations, and translate them into clear business impacts. Experience analyzing data for compliance risks then providing data-driven recommendations to customers or internal stakeholders.
• Compliance management - Hands-on experience working with high-compliance requirements such as healthcare and government). Managing compliance-driven customer engagements, ensuring alignment with regulatory frameworks (HIPAA, GDPR, etc.), supporting audits, or overseeing controls that support regulatory adherence.
• Strong written and verbal communication - Ability to explain complex compliance topics to diverse audiences, from customers in regulated industries to internal stakeholders. Comfortable drafting customer material, creating clear compliance communications, and presenting regulatory requirements in plain language.
• Problem solving - Ability to anticipate and address compliance-related customer challenges, ensuring timely resolution while maintaining trust. Able to handle escalated customer inquiries, design solutions to meet requirements without blocking remediation plans that satisfy both customers and compliance stakeholders.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

• Citizenship & Citizenship Verification : This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport.

Preferred Qualifications:

• Flexibility and adaptability when engaging with customers across multiple regulated sectors
• Judgment in balancing customer needs with regulatory obligations
• Project management for customer-facing compliance initiatives

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: ;br>
Microsoft will accept applications for the role until August 31, 2025.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#MSFTSecurity