
Principal Security Operations Engineer

Microsoft


Operations
USD 139,900-274,800 / year
Posted on Sep 16, 2025


Redmond, Washington, United States


Date posted: Sep 15, 2025
Job number: 1871893
Work site: 3 days / week in-office
Travel: None
Role type: Individual Contributor
Profession: Security Engineering
Discipline: Security Operations Engineering
Employment type: Full-Time

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The IAM Protect team secures Microsoft’s most critical cloud services by reducing risks in the Trusted Computing Base (TCB). We focus on identifying adversary tactics and breach paths, driving structured risk burndown, and ensuring critical telemetry is consistently available for detection and response.

We are hiring a Principal Security Operations Engineer to lead efforts to operationalize risk burndown campaigns and expand telemetry coverage across our critical services. The ideal candidate brings a security engineering background with hands-on technical depth, combined with the program management skills to coordinate across engineering teams, prioritize risk reduction, and deliver durable outcomes at scale. You will shape how we quantify and mitigate top risks, while ensuring telemetry pipelines are resilient, validated, and usable for hunt and investigation teams. This role is both technical and strategic - perfect for someone who thrives at the intersection of security operations, data, and engineering.


Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Qualifications


  • Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
    • OR 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

  • Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.

  • Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Preferred/Additional Qualifications

  • Master's Degree or Doctorate in Statistics, Mathematics, Computer Science or related field OR 10+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, Security+
  • Experience building automated solutions for vulnerability management, threat detection, and security configuration drift.
  • Understanding of security graph models, adversary techniques, attack path analysis, or breach path quantification, with an attacker mindset to identify weak links in the services/systems before adversaries exploit them.
  • Hands-on experience with automation of telemetry/logging pipelines to validate security coverage at scale.
  • Demonstrated expertise in identity, secrets, or infrastructure security, with hands-on experience reducing risk through technical controls, policy enforcement, or automation.
  • Experience with AI/ML in security contexts, such as anomaly detection, predictive modeling, or triaging security signals using large datasets.
  • Ability to translate complex technical risk into prioritized plans of action and measurable outcomes.
  • Proven track record of driving cross-team initiatives across engineering, security, and operations organizations.
  • Experience with data analysis and reporting, using telemetry, logs, or metrics to inform decisions and measure progress. Proficiency in Kusto/KQL and the ability to design and build tooling that scales across environments and teams.
  • Excellent written and verbal communication skills, including the ability to influence technical and executive audiences.

Security Operations Engineering IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until September 26, 2025.

Responsibilities

  • Lead structured risk reduction campaigns by converting adversary tactics (TTPs) and breach paths into prioritized cohorts and driving execution until closure.
  • Build and scale telemetry coverage across critical services, ensuring validated, reliable data is available for our security response efforts.
  • Investigate security incidents, help contain threats, and provide technical support for high-impact response efforts.
  • Partner across engineering and security teams to coordinate cross-team efforts, resolve blockers, and accelerate progress on high-impact initiatives.
  • Apply a data-driven approach to define, track, and report risk metrics, giving leaders clear visibility into progress and gaps.
  • Integrate AI/ML solutions into security operations for intelligent incident triage, control validation, and telemetry analysis.
  • Serve as a technical advisor and mentor to security engineers, sharing best practices for automation and secure-by-design patterns.
  • Drive automation and efficiency by improving pipelines, validation frameworks, and onboarding flows to reduce manual effort.
  • Gain deep exposure to the most sensitive services and systems, working at the intersection of security operations, engineering, and executive decision-making with direct impact on Microsoft’s cloud security posture.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

  • Industry leading healthcare
  • Educational resources
  • Discounts on products and services
  • Savings and investments
  • Maternity and paternity leave
  • Generous time away
  • Giving programs
  • Opportunities to network and connect

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.