Principal Security Engineering Manager

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

Production cloud environments are the control plane for Microsoft’s most critical workloads - changes and security posture in these environments can have broad impact on service continuity and trust. The Principal Security Engineering Manager role leads a team responsible for improving the security posture of production tenant environments through strong operational governance, risk reduction programs, and platform investments that make the safe path the default. You will build a disciplined execution engine across partner teams, drive measurable improvements in isolation and application hygiene, and strengthen incident readiness and compliance-driven cloud buildouts.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Lead a team that operates and improves production tenant security, driving consistent execution, governance, and hygiene across critical environments.

• Own end-to-end security risk program mechanics: intake → triage → prioritization → burn-down, with clear ownership, milestones, and measurable outcomes.

• Drive platform and operational improvements that reduce recurring misconfigurations, long-lived exceptions, and manual enforcement in production environments.

• Partner with engineering and security teams to strengthen isolation boundaries, reduce attack paths, and maintain durable security controls over time.

• Build and run incident readiness mechanisms (playbooks, coordination, post-incident follow-ups) to improve response effectiveness and reduce repeat issues.

• Develop and coach a high-performing team with a strong planning and execution culture, balancing partner needs with intentional prioritization.

Qualifications

Required Qualifications:

• Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response

• OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response

• OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response

• OR equivalent experience.

• 1+ year(s) people management experience.

Other Requirements:

Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Deep technical knowledge of identity and access management (authN/authZ, RBAC/ABAC concepts, least privilege, credential/secrets hygiene) and how these controls are applied in real production environments.Strong understanding of tenant security boundaries in large cloud platforms, including common failure modes (over-privilege, exception sprawl, misconfigured applications, weak isolation paths) and how to prevent drift over time.

• Experience leading security programs/operations that translate risks into execution: clear prioritization, measurable burn-down plans, and durable operational mechanisms.

• Strong understanding of tenant security boundaries in large cloud platforms, including common failure modes (over-privilege, exception sprawl, misconfigured applications, weak isolation paths) and how to prevent drift over time.

• 6+ years leading security engineering/operations programs in large-scale cloud or enterprise environments, including people management experience.

• Strong understanding of identity, access control, and security boundary/isolation concepts; comfortable engaging deeply with technical architecture and controls.

• Proven ability to build operational rigor: prioritization frameworks, execution cadences, metrics, and partner accountability mechanisms.

• Demonstrated experience influencing and driving outcomes across multiple teams with competing priorities.

• Experience operating or governing security controls in production cloud environments (tenant governance, privileged access, application hygiene).

• Experience building programmatic incident readiness/response mechanisms and translating incidents into durable posture improvements.

• Experience supporting compliance-constrained or sovereign/regional cloud deployments.

• Track record of reducing operational toil via automation, standardized intake pipelines, and scalable governance.

Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $142,800.00 - $274,800.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000.00 - $304,200.00 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations. (