Principal Software Engineer Job at Microsoft Corporation (Redmond)

Principal Software Engineer

Microsoft Corporation

Location:
United States , Redmond

Category:
IT - Software Development

Contract Type:
Not provided

Salary:

139900.00 - 274800.00 USD / Year

Save Job

Apply Position

Job Description:

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. The Opportunity Conditional Access is the real-time Zero Trust policy engine at the heart of Microsoft Entra ID. Every sign-in, every token, every agent request across Microsoft's identity platform flows through the system you'll shape. We're evolving CA from a human-centric access control layer into a universal policy engine for users, workloads, and AI agents — and we need a Principal Engineer to drive that architectural transformation. You'll own the technical vision for how Conditional Access scales to meet the next generation of identity: autonomous agents, continuous authorization, data-plane enforcement, and policy portability across authentication and runtime boundaries. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Job Responsibility:

Define the architecture for Conditional Access at identity-platform scale
Own the technical strategy for the CA evaluation engine — today processing millions of policy evaluations per second inside ESTS with sub-millisecond latency budgets
Design the next-generation policy model: portable, data-driven policies that evaluate at token-time and at the data plane (GSA, MISE, resource providers)
Drive convergence of token-time CA and Continuous Access Evaluation into a unified enforcement architecture
Lead the CA-for-Agents technical vision
Architect how CA evaluates agent identities as first-class actors — spanning OBO, S2S, CUA, and agentic chaining scenarios
Drive cross-org technical alignment
Partner with Identity Protection, Defender, Intune, Graph, GSA, and Azure networking to integrate risk signals, device posture, and network context into CA evaluation
Represent CA engineering in cross-IDNA architecture reviews, security design reviews, and partner alignment forums
Influence the ESTS roadmap for protocol-level changes required for agent governance (FIC, token exchange, CAE for OBO) Raise the engineering bar
Set standards for safe rollout of policy evaluation changes in a Tier 0 service — feature flags, canary-first deployment, blast-radius analysis
Drive testability and validation strategy: policy correctness proofs, synthetic tenant replay, and agent-driven test automation
Mentor senior engineers across the CA and ESTS stack
build the technical bench for the team's next chapter

Requirements:

Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role
Deep expertise in distributed systems, high-performance runtime engines, or policy/rules engines operating at extreme scale
Strong background in identity, authentication, authorization, or security infrastructure — you understand OAuth2/OIDC, token semantics, and Zero Trust principles
Fluency in C# and large-scale .NET service development
experience with ESTS or equivalent identity platforms is a strong plus Architectural leadership
Track record of defining and driving multi-year technical strategies that span teams and organizations
Ability to make pragmatic tradeoffs between architectural purity and shipping velocity — you know when to invest in the long-term and when to ship the 80% solution
Experience designing systems that evolve incrementally under production load with zero downtime

Nice to have:

Deep expertise in distributed systems, high-performance runtime engines, or policy/rules engines operating at extreme scale
Strong background in identity, authentication, authorization, or security infrastructure — you understand OAuth2/OIDC, token semantics, and Zero Trust principles
Fluency in C# and large-scale .NET service development
experience with ESTS or equivalent identity platforms is a strong plus Architectural leadership
Track record of defining and driving multi-year technical strategies that span teams and organizations
Ability to make pragmatic tradeoffs between architectural purity and shipping velocity — you know when to invest in the long-term and when to ship the 80% solution
Experience designing systems that evolve incrementally under production load with zero downtime

Additional Information:

Job Posted:
April 27, 2026

Employment Type:

Fulltime

Work Type:

Hybrid work

Microsoft Corporation - All Job Offers

Job Link Share: