Principal Software Engineer

** Overview*
* Microsoft 365 Intelligent Conversation and Communications Cloud (IC3) powers billions of real-time customer conversations every day across Microsoft Teams, Dynamics, Azure Communication Services, and third-party solutions.

The AEGIS team is the security and privacy backbone of IC3. Our mission is zero-click compliance - automatically identifying and remediating security and compliance risks at scale, so IC3 services stay resilient, trusted, and compliant for highly regulated industries and global enterprises. AEGIS is a centralized security engineering force embedding security-by-design across hundreds of microservices, acting as first responders to incidents, pen-test findings, and compliance gaps, while driving the Secure Future Initiative (SFI) and modern security controls across IC3.

A growing part of our charter is building AI-driven, agentic security tooling - agents that detect vulnerabilities, continuously assess posture, triage findings, and drive (or auto-apply) remediation at cloud scale.

IC3's security surface is expanding faster than our senior technical ownership capacity, creating a material risk to consistent execution. A Principal IC security role is needed to provide the architecture depth, review rigor, quality gates, compliance judgment, and partner alignment required to keep security standards consistent across services and platform initiatives. This role is the senior technical anchor for AEGIS - setting the bar for how IC3 designs, ships, and operates secure systems, and acting as the trusted authority partner teams across IC3 and M365 rely on for the hardest security and compliance calls.

As a  
** Principal Software Engineer** , you will own the multi-year technical strategy and architecture for AEGIS's security platforms and AI agentic systems, raise the engineering and security bar across IC3 through design and code review, codify quality gates and SFI controls into reusable engineering systems, and drive alignment with security architects, MSRC, compliance, and service-owner leaders so that the security posture of IC3 advances as one program rather than dozens of disconnected efforts.

This position is based at the Redmond campus with 3 days per week work in the office and 2 days per week work from home. Relocation assistance is available.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

** Responsibilities*
* + Set the technical strategy and architecture for AEGIS - multi-service security platforms, AI agentic systems (agentic vulnerability detection, continuous assessment, triage, automated/recommended remediation), and the developer-facing surfaces hundreds of IC3 engineers depend on. Own the 12-24 month technical roadmap and trade-offs.

+ Provide architecture depth and review rigor across IC3 security work - lead design reviews, security reviews, and threat-model deep dives; act as the final technical reviewer on the most ambiguous, highest-risk designs; raise the bar without becoming a bottleneck.

+ Define and enforce quality gates - codify the policies, controls, telemetry, and pipeline checks (SFI waves, secure-by-default patterns, identity / network / data protections, container hardening, key management) that make consistent security execution the default across IC3 services.

+ Exercise compliance judgment - translate SOC 2, ISO 27001, GDPR, HIPAA, FedRAMP, DoD IL5, and Microsoft internal standards (SFI, S360) into concrete engineering requirements and automation; make the call when policy, business risk, and engineering reality conflict.

+ Drive partner alignment across IC3 and M365 - with security architects, MSRC, privacy, compliance, and service-owner leadership; resolve cross-team architectural disagreements; ensure SFI and incident-driven work lands as a coherent program, not isolated point fixes.

+ Apply AI/ML pragmatically and rigorously - set the architecture for agents that fuse service context, code signals, policy, and telemetry to reduce false positives, prioritize the highest-risk findings, and drive measurable remediation throughput; establish evaluation, safety, and human-in-the-loop patterns the rest of the org can adopt.

+ Own production posture and incident leadership - serve as a senior DRI, lead Sev 1/2 post-incident reviews, and ensure outcomes are durable engineering improvements, not one-offs.

+ Grow the bench - mentor senior and mid-level engineers, sponsor stretch work, contribute to hiring and calibration, and model inclusive, data-driven engineering culture.

+ Communicate with leadership - write the technical narratives, briefs, and reviews that align L3/L4 partners and executive stakeholders on direction, risk, and…