Connecting people I'd hire with companies I'd work at

Matt Wallaert

Security Assurance

Microsoft

United States
USD 119,800-234,700 / year
Posted on Dec 23, 2025
Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

Team Overview
Our team is part of Microsoft’s Product Security Engineering organization, focused on securing solutions for regulated industries. We are a group of 7 security engineers led by Mathieu Durand (Principal Security Engineering Manager), working collaboratively to:

  • Threat Modeling Excellence
    Conduct weekly threat models to identify and mitigate risks early in the development lifecycle.
  • Secure Future Initiative (SFI) Compliance
    Drive adoption of secure-by-default configurations, including managed identities and Defender for Cloud, ensuring production workloads meet compliance standards.
  • Innovation & Automation
    Integrate AI-driven tools and automation into workflows to improve efficiency and scale security processes.
  • Collaboration & Inclusion
    Operate under One Microsoft principles, fostering diversity and teamwork to deliver secure, compliant, and resilient solutions.


Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.



Responsibilities

Join a high-impact team dedicated to securing Microsoft products and services for regulated industries. This role focuses on proactive threat modeling, compliance enforcement, and driving secure-by-default principles across cloud and enterprise solutions.
Key Responsibilities

  • Threat Modeling & Risk Analysis
    Identify and mitigate security risks early in the development lifecycle through structured threat modeling sessions.
  • Compliance & Standards
    Implement and validate security controls aligned with frameworks such as NIST 800-53, Secure Future Initiative (SFI), and industry regulations.
  • Secure-by-Default Engineering
    Advocate and enforce configurations like managed identities, Defender for Cloud, and network isolation for production workloads.
  • Automation & Innovation
    Develop scripts and leverage AI-driven tools to streamline security processes and scale threat modeling efficiency.
  • Collaboration & Influence
    Partner with engineering teams, product managers, and compliance stakeholders to embed security into design and delivery.


Qualifications
  • Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience.

Preferred Qualifications:

  • Knowledge of cloud security (Azure preferred) and enterprise security principles.
  • Hands-on experience with threat modeling, secure coding practices, and compliance frameworks.
  • Proficiency in PowerShell/Python scripting for automation.
  • Familiarity with NIST 800-53 controls, identity management, and network security.
  • CISSP or equivalent certification.
  • Experience with regulated industry requirements (e.g., financial services, healthcare).
  • Exposure to AI-driven security tools and automation workflows.
  • Communication and collaboration skills; ability to influence across teams.


Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay


This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.




Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.