Microsoft Software Engineer II Security 

Taiwan, Taoyuan City 

741917991

Required Qualifications:

• Bachelor's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience.
• 2+ years in leading large-scale technology programs (software development, infrastructure, cloud).
• 2+ years in security development, consulting, or penetration testing.
• Expertise in program lifecycle management from planning to execution, with continuous improvement.
• Experience in matrix environments with engineering managers, developers, and cross-functional teams.
• Knowledge of security architecture and secure design principles.
• Solid hands-on experience with the Security Development Lifecycle (SDL).
• Some familiarity with Agentic Frameworks (ex, LangChain, Autogen, MCP, Semantic Kernel).

Preferred Qualifications:

• Master's Degree in Computer Science or related technical field AND 3+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR Bachelor's Degree in Computer Science or related technical field AND 5+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience.
• 5+ years in leading large-scale technology programs (software development, infrastructure, cloud).
• 3+ years in security development, consulting, or penetration testing.
• 3+ years experience in product/service/project/program management or software development.
• Experience with Security threat modeling for new features.
• Experience conducting security assessments on Web Applications, Mobile Applications, Cloud Services running on variety of operating systems including containers.
• Experience with application security standards such as OWASP(Open Web Application Security Project ASVS (Application Security Verification Standard)/Top 10, CWE (Common Weakness Enumeration).
• Familiarity with multiple security standards (NIST, ISO) and regulatory (GDPR, CCPA, etc.).
• Experience with common security libraries, security controls, and common security flaws.
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams.
• Familiarity with web proxies such as Burp, or OWASP ZAP.
• CIPT, CISSP, CISA or GIAC certifications.
• Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
• Experience or familiarity with conducting Risk Assessment.

• Collaborate with product engineering to review RFC documents and identify security enhancement for secure design.
• Define new privacy security controls to mitigate AI risks identified from reviews, threat modeling, or incidents, and integrate these requirements into the SDL process.
• Manage tools to streamline security assessment processes and develop security automation scripts in (ex, Python, PowerShell, KQL).
• Partner with Legal, Marketing, Product, Engineering, and Data Science teams to embed privacy-by-design into product features.
• Provide guidance on the use of cookies, and other tracking technologies, including consent management and user choice mechanisms.
• Stay informed about new technologies and offer recommendations.
• Promote a positive security culture within engineering teams.
• Educate product engineers to recognize and avoid bad patterns.
• Collaborate with security and product teams to establish security controls and automation.
• Utilize a broad understanding of privacy and security to create new protections and standard secure-by-design behaviors.
• Embody our Culture & Values.