Do you see software development as both a craft and an art? Are you the kind of engineer who looks at a problem, sees a path forward, and wants to build it, fast, thoughtfully, and with quality? If so, keep reading…
We're looking for Principal Software Engineers who want to make a meaningful impact and move quickly alongside a collaborative team, building innovative agentic and software-security solutions, including Microsoft MDASH.
Here’s what you’ll be working on:
On one end of the development spectrum sits source code, the human-readable logic developers create, review, and commit. On the other end sits the runtime: compiled binaries, running processes, and applications executing in production.
Today, these worlds are largely disconnected. Security teams can identify vulnerabilities in running applications without a clear or fast path back to the code that caused them. Developers often lack real-time insight into how their code behaves under attack. Closing that gap is one of the most important unsolved challenges in security.
We’re a new team forming now, building natively on Microsoft’s tech stack, with deep integration across the tools developers already use and rely on, including GitHub, Visual Studio, Azure, and more. MDASH is our first step. There’s much more ahead.
And to be clear, while we’re helping shape the future of AI and security, this job description isn’t AI-generated. It was written intentionally, because this work is about people. Great software is built by people, and it’s people who make Microsoft a great place to work.
There are very few places where an individual engineer’s code can directly impact customers. Defender is one of them.
If you enjoy building, care about solving meaningful problems, and want to work with people who are equally passionate, let’s talk.
Responsibilities
- Design, build, and improve systems that enhance security across software supply chains and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo).
- Analyze dependencies, vulnerabilities, and potential malware to help ensure the integrity and safety of software components.
- Apply program analysis techniques (static, dynamic, sandboxing/detonation, deobfuscation, behavioral analysis) to better understand and assess code behavior.
- Develop and operate scalable cloud-based pipelines (Azure preferred) for large-scale scanning, detection, and data processing.
- Contribute to and uphold supply chain integrity practices, including SBOM, SLSA, provenance, and artifact signing (e.g., Sigstore).
- Collaborate on threat detection and security research, including malware and vulnerability analysis, within security-sensitive systems.
- Integrate security capabilities with developer tools and platforms such as GitHub, Visual Studio, and CI/CD systems.
- Partner cross-functionally with engineering, security, and product teams to improve secure development practices.
- Continuously evaluate and improve detection methods, tooling, and processes to adapt to evolving security threats.
Qualifications
Required Qualifications
Bachelor’s Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
OR equivalent experience
Other Requirements
Ability to meet Microsoft, customer, and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years
Preferred Qualifications
- Master's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
- OR Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
- OR equivalent experience.
- 4+ years of experience designing, building, and shipping production backend services, platforms, or data pipelines.
- 4+ years of experience with software supply chain security and open-source ecosystems (e.g., npm, PyPI, NuGet, Maven, Cargo), including dependency, vulnerability, or malware analysis.
- 4+ years of experience with program analysis techniques (e.g., static/dynamic analysis, sandboxing, deobfuscation, behavioral analysis) to understand code behavior.
- 4+ years of experience building or operating large-scale cloud-based scanning, detection, or data-processing pipelines (Azure preferred).
- 4+ years of experience with supply chain security standards (e.g., SBOM, SLSA, provenance, artifact signing) and integrating with CI/CD systems.
Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $142,800 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Skills Required
- Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience coding in C, C++, C#, Java, JavaScript, or Python (OR equivalent experience)
- Ability to meet Microsoft, customer, and/or government security screening requirements
- Pass Microsoft Cloud Background Check upon hire/transfer and every two years
- Master's Degree in Computer Science or related field AND 8+ years experience OR Bachelor's Degree AND 12+ years experience OR equivalent experience
- 4+ years designing, building, and shipping production backend services, platforms, or data pipelines
- 4+ years experience with software supply chain security and open-source ecosystems (npm, PyPI, NuGet, Maven, Cargo) including dependency, vulnerability, or malware analysis
- 4+ years experience with program analysis techniques (static/dynamic analysis, sandboxing, deobfuscation, behavioral analysis)
- 4+ years building or operating large-scale cloud-based scanning, detection, or data-processing pipelines (Azure preferred)
- 4+ years experience with supply chain security standards (SBOM, SLSA, provenance, artifact signing) and integrating with CI/CD systems
Microsoft Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Microsoft and has not been reviewed or approved by Microsoft.
-
Fair & Transparent Compensation — Pay is presented as broadly competitive overall, with clear role/level/location variation and an emphasis on using posted ranges and band information for apples-to-apples comparisons.
-
Retirement Support — Retirement benefits are described as a standout, highlighted by a strong 401(k) match structure and immediate vesting, plus additional plan features for tax-advantaged saving.
-
Parental & Family Support — Family-oriented benefits are portrayed as a meaningful strength, with substantial paid parental leave and added supports like back-up care and adoption/surrogacy assistance.
Microsoft Insights
What We Do
At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Our mission is grounded in both the world in which we live and the future we strive to create. Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable Microsoft and our customers to thrive in this world.







