Overview
Join Microsoft Entra's Global Secure Access (GSA) engineering organization, where we build security for modern work and AI-powered experiences at global scale. Our charter spans cloud-delivered networking and security capabilities aligned to Secure Access Service Edge (SASE), including identity-aware access, policy enforcement, and high-performance datapath services.
We are looking for a Principal Software Engineer to be a technical visionary in the SASE space. In this role, you will shape the architecture and technical roadmap for critical secure access capabilities, drive engineering standards and operational excellence across teams, and accelerate responsible AI adoption (including Copilot and AI-assisted engineering workflows) to improve developer productivity, reliability, and customer outcomes. You will lead by example through technical depth, clear communication, and sustained mentoring-raising the technical bar for the engineers you guide across the organization.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Own and evolve the end-to-end architecture for SASE capabilities (e.g., secure web gateway, ZTNA, identity-aware proxying, traffic steering, policy enforcement) across multiple services and teams.
Set technical direction and multi-release roadmap in partnership with Product Management, Security Research, and cross-organization engineering leaders; identify dependencies and drive crisp, durable design decisions.
Lead design reviews for high-impact systems and drive engineering standards across the product lifecycle (security, privacy, safety, accessibility, performance, reliability, and cost).
Write proof-of-concept code and/or deliver production code for critical path investments; actively troubleshoot difficult and complex issues in distributed, high-scale networking systems.
Drive operational excellence for live services, including telemetry strategy, incident response mechanisms, DR readiness, and post-incident learning to improve resilience and customer trust.
Accelerate responsible AI adoption across engineering (AI-assisted design, coding, testing, and operations); establish best practices, guardrails, and success metrics to measurably improve outcomes.
Mentor and sponsor engineers across levels; raise the bar through coaching, code and design feedback, and cultivating an inclusive culture that inspires technical excellence.
Qualifications
Required Qualifications:
Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
Experience designing, building, and operating cloud services and distributed systems at scale, including reliability, observability, and live-site operations.
Deep understanding of networking and network security fundamentals, including TCP/IP, HTTP/HTTPS, TLS, routing, and proxy-based architectures.
Proven technical leadership influencing architecture and engineering practices across teams (e.g., driving design reviews, setting standards, mentoring, and aligning stakeholders).
Experience building security products or platforms in areas relevant to SASE (e.g., secure web gateway, ZTNA, VPN replacement, identity-aware access, policy enforcement, traffic inspection).
Demonstrated industry leadership in SASE (e.g., published technical work, open-source contributions, standards participation, conference talks, patents, or externally visible technical leadership).
Hands-on experience with high-performance datapaths and L7 proxies (e.g., Envoy, NGINX, HAProxy) and/or packet processing (e.g., eBPF, DPDK, XDP).
Experience with Zero Trust policy systems, identity integration, and secure access architectures spanning users, devices, and workloads.
Experience driving adoption of AI-assisted engineering and/or applying ML/AI techniques to security telemetry, anomaly detection, or automation.
Experience leading cross-organization technical initiatives, influencing roadmaps, and delivering outcomes across multiple product lines.
C++, C#, Java, Go, Rust; OR equivalent experience.
2 years Kubernetes, 3 years of Network protocols or Software Firewall, Proxy development
Software Engineering IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations. (https://careers.microsoft.com/v2/global/en/accessibility.html)
