Product Security Engineer II

Overview

Our team is part of Microsoft’s Product Security Engineering organization, focused on securing solutions for regulated industries. Our work emphasizes embedding security directly into product design and development, rather than applying security as a post‑delivery checkpoint.

Core Focus AreasThreat Modeling Excellence

Conduct regular, structured threat modeling sessions with engineering teams to identify and mitigate risks early in the development lifecycle.Secure Future Initiative (SFI) Compliance

Drive adoption of secure‑by‑default cloud configurations, including managed identities, Defender for Cloud, and network isolation, ensuring production workloads meet compliance standards.Engineering‑Led Innovation & Automation

Build scripts, tools, and AI‑assisted workflows to improve efficiency, reduce manual security effort, and scale security processes.Collaboration & Inclusion

Operate under One Microsoft principles, fostering diversity, inclusion, and strong partnerships with product, engineering, and compliance teams to deliver secure and resilient solutions.

Culture & Values

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day, we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.In alignment with Microsoft values, we are committed to cultivating an inclusive work environment for all employees and positively impacting our culture every day.

Responsibilities

Join a high‑impact team dedicated to securing Microsoft products and services used in regulated environments. This role blends hands‑on engineering depth with product security expertise, partnering closely with development teams to influence secure design decisions at scale.This position is aligned to L63 (Product Security Engineer II).

Key Responsibilities

• Threat Modeling & Risk AnalysisIdentify and mitigate security risks early in the software development lifecycle through structured threat modeling sessions with engineering teams.
• Secure Design & Architecture Reviews Review cloud architectures, APIs, identity flows, and deployment patterns to ensure secure‑by‑default engineering decisions.
• Secure‑by‑Default Engineering Advocate for and enforce use of managed identities, least‑privilege access, Defender for Cloud, and network isolation for production workloads.
• Compliance & Security Standards Implement and validate security controls aligned with Secure Future Initiative (SFI), NIST 800‑53, and regulated industry requirements.
• Automation & Engineering Enablement Develop scripts and lightweight tooling using PowerShell and/or Python to scale security reviews, threat modeling, and compliance validation. Also use of AI for automation.
• Collaboration & Influence Act as a trusted security engineering partner to software engineers, architects, and product managers, providing practical, code‑ and architecture‑level guidance.
  
  

Qualifications

• 7+ years of experience in software development lifecycle, cloud engineering, threat modeling, or product security AND Master’s Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field OR Bachelor’s Degree in a related field AND 7+ years of relevant experience OR Equivalent practical experience demonstrating strong engineering and security fundamentals
  
  

Preferred Qualifications

• Strong understanding of cloud security and cloud‑native architectures (Azure preferred)
• Hands‑on experience with software development, infrastructure‑as‑code, or platform engineering
• Practical experience with threat modeling and secure design principles
• Proficiency in PowerShell and/or Python, .NET for automationFamiliarity with identity and access management, network security, and zero‑trust principles
• Working knowledge of NIST 800‑53, SFI, or similar compliance frameworks
• Experience supporting regulated industries (e.g., healthcare, financial services)
• Exposure to AI‑driven security tools and automation workflows
• Strong communication and collaboration skills with the ability to influence engineering teams
• CISSP or equivalent certification is a plus
  
  

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

---