Software Engineer II

As Microsoft continues to push the boundaries of AI, we are on the lookout for passionate individuals to work with us on the most interesting and challenging AI questions of our time. Our vision is bold and broad — to build systems that have true artificial intelligence across agents, applications, services, and infrastructure.

Data, Privacy and Security (DPS) team, advises on critical data protection & security design elements, proactively identifying architectural vulnerabilities and collaborates on solutions and design modifications to improve the overall security posture of Copilot offerings. This team partners with product engineering, penetration testers and privacy/security personnel.

As part of Microsoft's DPS team for Copilot, the Software Engineer II will collaborate with product engineering, penetration testers, and privacy & security personnel to identify and address vulnerabilities & privacy risks, define and integrate new controls, develop automation scripts, and promote a security-conscious culture.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.  

Responsibilities

• Collaborate with product engineering to review RFC documents and identify security enhancement for secure design.
• Define new privacy security controls to mitigate AI risks identified from reviews, threat modeling, or incidents, and integrate these requirements into the SDL process.
• Manage tools to streamline security assessment processes and develop security automation scripts in (ex, Python, PowerShell, KQL).
• Partner with Legal, Marketing, Product, Engineering, and Data Science teams to embed privacy-by-design into product features.
• Provide guidance on the use of cookies, and other tracking technologies, including consent management and user choice mechanisms.
• Stay informed about new technologies and offer recommendations.
• Promote a positive security culture within engineering teams.
• Educate product engineers to recognize and avoid bad patterns.
• Collaborate with security and product teams to establish security controls and automation.
• Utilize a broad understanding of privacy and security to create new protections and standard secure-by-design behaviors.
• Embody our Culture & Values.

Qualifications

Required Qualifications:

• Bachelor's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• 2+ years in leading large-scale technology programs (software development, infrastructure, cloud).
• 2+ years in security development, consulting, or penetration testing.
• Expertise in program lifecycle management from planning to execution, with continuous improvement.
• Experience in matrix environments with engineering managers, developers, and cross-functional teams.
• Knowledge of security architecture and secure design principles.
• Solid hands-on experience with the Security Development Lifecycle (SDL).
• Some familiarity with Agentic Frameworks (ex, LangChain, Autogen, MCP, Semantic Kernel).
• OR equivalent experience.

Preferred Qualifications:

• Master's Degree in Computer Science or related technical field AND 3+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• 5+ years in leading large-scale technology programs (software development, infrastructure, cloud).
• 3+ years in security development, consulting, or penetration testing.
• 3+ years experience in product/service/project/program management or software development.
• Experience with Security threat modeling for new features.
• Experience conducting security assessments on Web Applications, Mobile Applications, Cloud Services running on variety of operating systems including containers.
• Experience with application security standards such as OWASP(Open Web Application Security Project ASVS (Application Security Verification Standard)/Top 10, CWE (Common Weakness Enumeration).
• Familiarity with multiple security standards (NIST, ISO) and regulatory (GDPR, CCPA, etc.).
• Experience with common security libraries, security controls, and common security flaws.
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams.
• Familiarity with web proxies such as Burp, or OWASP ZAP.
• CIPT, CISSP, CISA or GIAC certifications.
• Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
• Experience or familiarity with conducting Risk Assessment.
• OR Bachelor's Degree in Computer Science or related technical field AND 5+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR equivalent experience.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#Microsoftai