Principal Security Engineer - MAI Data, Privacy, and Security, Microsoft AI - Copilot

Microsoft is at the forefront of AI innovation, tackling some of the most complex and significant AI challenges of our time. Our vision is ambitious—to deliver systems with genuine artificial intelligence capabilities across agents, applications, services, and infrastructure. 

The Security Engineering team within MAI ensures our advancements in AI are secure and trustworthy. We integrate robust security measures directly into our platforms, enabling secure and efficient incorporation of external data and services without compromising safety or privacy. 

We are looking for a Principal Security Engineer to lead security assessments and testing both internally and with external partners. You will partner closely with the product engineering team to ensure that good design decisions get made, identify risks and vulnerabilities, and design and implement solutions. Your role will ensure that Copilot and its integrations operate atop a robust security model that mitigates threats such as indirect prompt injection, unauthorized dataflows, and privacy breaches. 

An ideal candidate will have extensive experience in these areas, blending knowledge of novel attacks and defenses with judgment to help choose the best mitigations in a product context. 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required Qualifications:

• Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience. 
• Experience in security engineering, including assessment, remediation, and secure code development  
• Experience in security assessment methodologies, automated and manual testing techniques, and threat modeling.  
• Experience in remediation efforts across multiple product lines in one or more core security domains (networking, operating systems, software security).  

Preferred Qualifications:

• Experience assessing security specifically for AI/ML applications, including identification and remediation of risks through code or configuration changes.  
• Expertise in secure coding practices and code-level security in languages such as C#, Python, or similar. Familiarity with Rust, C++, or Go are pluses.  
• Experience working within AI, machine learning platforms, APIs, Retrieval-Augmented Generation (RAG), or similar technologies.  
• Understanding of AI/ML pipelines, including risks during and after both training and deployment.  
• Familiarity with interprocess communication in AI environments, including Agentic Model Context Protocol.  
• Deep understanding of agentic computing, communication patterns, and associated security considerations.  
• Demonstrated collaboration skills, with a proven track record of enabling partner teams and addressing systemic security risks proactively.  
• Experience implementing and interpreting performance, reliability, and risk metrics to drive security improvements.  

Software Engineering IC6 - The typical base pay range for this role across the U.S. is USD $163,000 - $296,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $220,800 - $331,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until June 9, 2025.

#MicrosoftAI #Copilot

• Lead comprehensive risks assessments, including automated risk identification, controls validation, and threat modeling across networking, operating systems, and application layers. 
• Identify security best practices, risks, and align remediations to vulnerabilities to drive remediation efforts effectively. 
• Proactively identify and help remediate security risks through code and configuration changes. 
• Collaborate closely with partner teams, facilitating their velocity by addressing and resolving underlying security issues. 
• Develop and maintain metrics to measure security impact, reliability at both tactical and strategic levels. 
• Provide security mentorship, fostering a culture of proactive security awareness and accountability. 
• Contribute to secure software development by writing, reviewing, and advising on secure coding practices, particularly in C#, Python, or equivalent languages.