Microsoft Principal Security Engineer 

Taiwan, Taoyuan City 

973670998

In this role, you’ll collaborate with product engineering teams to evaluate the security of their services and ensure we meet our security commitments. You’ll independently plan and lead security engagements, including identifying attack surfaces, setting up test environments, reviewing designs, and testing implementations for potential security risks. As you identify recurring issues or anti-patterns, you’ll be empowered to propose and drive improvements that raise the security baseline across multiple services by addressing root causes and eliminating entire classes of vulnerabilities.

Required Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  
  • OR a Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR equivalent experience
• 6+ years of experience performing security assessments and penetration testing
• 4+ years of experience securing cloud computing environments
• 4+ years of demonstrated coding skills in one or more popular languages and platforms such as C#, Python, Rust, or JavaScript, PowerShell

Other Requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 12+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
  
  • OR a Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 8+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
  • OR equivalent experience

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until July 17, 2025.

• Use subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities).
• Analyze complex issues using multiple data sources to identify security problems.
• Create new solutions to mitigate security issues and help drive resolution for systemic security issues.
• Effectively communicate security defects to stakeholders at various levels.
• Work as an effective and inclusive team player, sharing and learning from others.
• Read and understand code to analyze implementations for potential vulnerabilities and inform penetration testing efforts.
• Use common web penetration testing tools such as Burp Suite or other intercepting proxies to assess service security.
• Examine all layers of a service stack—including web UI, APIs, cloud environments, cluster orchestration, and Linux-based containers—to identify risks and opportunities for improvement.
• Suggest product enhancements that provide customers with secure-by-default experiences and eliminate entire classes of vulnerabilities.

• dy our