Senior Product Manager - CoreAI
Microsoft
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. The 1ES (One Engineering System) team as are part of CoreAI is at the forefront of ensuring secure, compliant, and resilient engineering practices across Microsoft.
We are seeking a Senior Product Manager - CoreAI to lead our Software Supply Chain Security initiatives, with a focus on AI‑assisted remediation of security risks.
This role is critical to safeguarding Microsoft’s engineering ecosystem, ensuring compliance with emerging regulations such as the EU Cyber Resilience Act (CRA), and advancing the company’s leadership in secure software development practices.
Responsibilities
- Drive product vision and strategy for software supply chain security within 1ES, specifically for securing AI agents, MCP servers, and ensuring alignment with Microsoft’s compliance and security goals.
- Lead AI‑assisted risk remediation across Microsoft repositories, defining requirements and guiding engineering execution.
- Develop deep insights into open source consumption patterns, specifically across NuGet, NPM, PyPI, Maven, Cargo, and Go ecosystems, to inform risk mitigation strategies.
- Collaborate across engineering, security, compliance, and legal teams to ensure solutions meet both technical and regulatory requirements.
- Define success metrics and outcomes, track progress, and iterate based on data‑driven insights.
- Champion secure DevOps practices, integrating supply chain security into the full lifecycle of software development.
Qualifications
Required/Minimum Qualifications:
- Bachelor's Degree AND 5+ years experience in product/service/program management or software development OR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred/Additional Qualifications:
- 4+ years of product management experience in security, compliance, or developer tooling domains.
- Domain knowledge of software supply chain security, including risks associated with open source package consumption.
- Hands‑on experience with AI models applied to security risk detection and remediation.
- Understanding of DevOps lifecycle and modern engineering practices.
- Track record of delivering complex, cross‑company initiatives with measurable impact.
- Communication and collaboration skills, with the ability to influence senior stakeholders across engineering and compliance.
- Experience of using and managing security aspects of MCP servers.
- Experience working with or contributing to open-source ecosystems (NuGet, NPM, PyPI, Maven, Cargo, Go).
- Familiarity with global regulatory frameworks, especially EU Cyber Resilience Act (CRA).
- Technical background (Computer Science, Engineering, or related field).
#CoreAI #1ES #MCP #AIAgents #DevSecOps #SupplyChainSecurity #AISecurity #ProductManagement #Security
Product Management IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.