Security Assurance IC5

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The MicrosoftSecurityAnalysis & Fix Engineering (SAFE) team is dedicated to building and leveraging the world's most advanced static analysis platform to rapidly and accurately identify security weaknesses across the billions of lines of source code that go into Microsoft's products and services, empower efficient and effective corrective action by both developers and LLMs, and build complementary analysis capabilities to enable more effectively perform proactive secure development across the entirety of Microsoft. Our ambition is to make it effortless to elevate and keep billions of lines of code at themost cuttingedge of security understanding.

We are looking for a passionate and innovativePrincipal Security Engineerto join our highly collaborative team to help leverage our existing analysis capabilities,research and build detections to identify new security weaknesses across Microsoft products, as well as to help push the envelope of what can be detected through the development of novel analysis capabilities. The ideal candidate straddles the line of security engineer and software developer, with a deep understanding of the semantics of one or more programming languages coupled with expansive understanding of security vulnerabilities in one or more domains (Web, System, LLM/GenAI, etc.), with a strong collaborative instinct to both elevate others with their expertise, while also being elevated by others' expertise.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. Asemployeeswe come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positivelyimpactour culture every day.

• Investigate code vulnerabilities and generalize code patterns for detections

• Create static code analysis rules and expressions for finding vulnerable code patterns

• Apply static code analysis andvalidateresults manually and using automation

• Improve tooling used in static code analysis and results processing

• Assistwith active incident research, detection,mitigationand post-incident response

• Embody ourcultureandvalues