Security Assurance Engineer
Microsoft
Job Overview

Job Description
Overview
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
Team Overview
Our team is part of Microsoft’s Product Security Engineering organization, focused on securing solutions for regulated industries. We are a group of 7 security engineers led by Mathieu Durand (Principal Security Engineering Manager), working collaboratively on the following:
- Threat Modeling Excellence: Conduct weekly threat models to identify and mitigate risks early in the development lifecycle.
- Secure Future Initiative (SFI) Compliance: Drive adoption of secure-by-default configurations, including managed identities and Defender for Cloud, ensuring production workloads meet compliance standards.
- Innovation & Automation: Integrate AI-driven tools and automation into workflows to improve efficiency and scale security processes.
- Collaboration & Inclusion: Operate under One Microsoft principles, fostering diversity and teamwork to deliver secure, compliant, and resilient solutions.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
Join a high-impact team dedicated to securing Microsoft products and services for regulated industries. This role focuses on proactive threat modeling, compliance enforcement, and driving secure-by-default principles across cloud and enterprise solutions.
- Threat Modeling & Risk Analysis: Identify and mitigate security risks early in the development lifecycle through structured threat modeling sessions.
- Compliance & Standards: Implement and validate security controls aligned with frameworks such as NIST 800-53, Secure Future Initiative (SFI), and industry regulations.
- Secure-by-Default Engineering: Advocate and enforce configurations like managed identities, Defender for Cloud, and network isolation for production workloads.
- Automation & Innovation: Develop scripts and leverage AI-driven tools to streamline security processes and scale threat modeling efficiency.
- Collaboration & Influence: Partner with engineering teams, product managers, and compliance stakeholders to embed security into design and delivery.
Qualifications
- Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience.
Preferred Qualifications
- Knowledge of cloud security (Azure preferred) and enterprise security principles.
- Hands-on experience with threat modeling, secure coding practices, and compliance frameworks.
- Proficiency in PowerShell/Python scripting for automation.
- Familiarity with NIST 800-53 controls, identity management, and network security.
- CISSP or equivalent certification.
- Experience with regulated industry requirements (e.g., financial services, healthcare).
- Exposure to AI-driven security tools and automation workflows.
- Communication and collaboration skills; ability to influence across teams.
Key skills/competency
- Threat Modeling
- Cloud Security
- Compliance Frameworks
- Risk Analysis
- Azure Security
- Python/PowerShell Scripting
- NIST 800-53
- Secure-by-Default Principles
- Identity Management
- Network Security
How to Get Hired at Microsoft
- Research Microsoft's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume: Highlight experience in threat modeling, cloud security, and compliance frameworks like NIST 800-53.
- Showcase technical prowess: Emphasize skills in Azure security, PowerShell/Python scripting, and secure-by-default engineering practices.
- Prepare for behavioral questions: Demonstrate collaboration, influence, and problem-solving through STAR method examples related to security challenges.
- Network effectively: Connect with Microsoft employees, especially in Product Security Engineering, to gain insights and potential referrals.