Software Engineer - CTJ - POLY

Overview

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Are you interested in working for on cutting-edge cloud security products? Would you like to be part of one of the world's most advanced cyber-security solutions and protect millions of computers from thousands of active attack attempts, every month? Look no further than the Microsoft Defender engineering team. You will be building and delivering cloud solutions to meet the scale that few companies in the industry are required to support. Leveraging state-of-the-art technologies, you will be instrumental in delivering holistic protection within government environments. The Microsoft Defender team is responsible for delivering a constantly evolving set of services and solutions to meet the challenging landscape of our ever-evolving attackers.

This is a combined DevOps team which provides leadership, direction, and accountability for cloud design, service architecture, engineering infrastructure, and data platform development. We are currently looking for Software Engineer II to join the team. You will help conduct business reviews and operate our production services. Collaboration skills will be required to work closely with other engineering teams to ensure services and systems are highly stable, meet performance Service level agreements (SLA), and meet the expectations of internal and external customers and users.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others andcollaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

AI-Native Development

• Independently uses appropriate artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC) in a disciplined manner. Takes responsibility for the content of their AI-generated requirements, design documents, code, and other assets, assisting other members of the team to do the same. Uses SDLC and engineering health measures (e.g., Accelerate, SPACE framework, Engineering System Success Playbook [ESSP]) to improve processes and practices, especially those involving AI. Experiments with AI tools and practices to improve their own capabilities.

Coding

• Reviews product code and test code to ensure it meets team standards, contains the correct test coverage, and is appropriate for the product or solution area. Brings insight to code reviews to help improve code quality, coaching and providing feedback to develop other engineers' skills. Conducts code reviews in a timely fashion that helps accelerate the pace of development on the team. Considers diagnosability, reliability, testability, and maintainability when reviewing code, and understands when code is ready to be shared or delivered. Applies and reviews for coding patterns, security risks, compliance issues, and best practices in code reviews, providing feedback on code to drive adherence to best practices. Uses automated source code analysis tools that are incorporated into the build/development process.
• Uses debugging tools, tests, logs, telemetry, and other methods to proactively verify assumptions while developing code before issues occur for products in production. Conducts incident retrospectives to identify root causes of problems, implements repair actions, and identifies mechanisms to prevent incident recurrence. Independently applies least-access principles, uses logging, telemetry, and other appropriate mechanisms to investigate issues while retaining privacy and security, and drives those practices across the team.
• Leads by example within the team to produce extensible, maintainable, well-tested, secure, and performant code that adheres to design specifications. Continuously improves code performance, testability, maintainability, effectiveness, and cost, while learning about and accounting for relevant trade-offs. Applies metrics to drive code quality and stability. Applies appropriate coding patterns and best practices (e.g., leveraging state-of-the-art generative artificial intelligence [GenAI], approaches to source code organization, naming conventions). Identifies and escalates blockers or unknowns during the development process, communicates how they will impact timelines, and identifies strategies and/or opportunities to address them.

Design

• Independently creates a clear test strategy that ensures solution quality, prevents regression from being introduced into existing code. Ensures test plans incorporate security testing to validate security invariants (including negative cases). Drives adding new tests to cover gaps, deleting or fixing broken tests, and improving the speed, reliability, and defect localization of the test suite. Independently builds testable code and considers testability during design for a project/sub-section of a product/solution. Understands the different types of tests that can be done on a particular system (e.g., unit tests), maintains up-to-date understanding of testing architectures used both across Microsoft and across the industry, and applies them across the architecture as appropriate. Identifies difficult or untestable sections of codes for a project/sub-section of a product/solution for future design or rearchitecture discussions. Leverages artificial intelligence (AI) tools for test automation.
• Identifies dependencies and incorporates them into the development of design documents for a product, application, service or platform. Actively identifies other teams and technologies to leverage, how they interact, and where their own system or team can support others. Understands upstream and downstream interactions between systems and ensures security, compliance, performance, and reliability can be achieved across the entire stack. Collaborates with other teams to reach common goals where dependencies and validation concerns overlap. Works across teams to resolve conflicts around dependency ownership and required work.
• Leads discussions for and owns the architecture of a products/solutions and creates proposals for architecture by testing design hypotheses and develop complex design specifications. Tests and explores various design options for a complex product/solution scenario, outlining strengths and weaknesses of each option. Independently collaborates with architects to build and modify complex products/solutions, providing feedback as needed. Owns or collaborates with other engineers on the architecture of solutions, with minimal technical oversight. Develops design documents that support user stories and other product requirements. Maintains awareness of the current technology landscape, and determines how to integrate these technologies within existing systems. Shares learnings and identified solutions from investigations with the team and owns for some design decisions. Ensures system architecture and individual designs meet performance, scalability, resiliency, cost of goods sold (COGS), disaster recovery, and other requirements and expectations. Upholds Microsoft standards of security, privacy, and other compliance requirements and expectations. Understands and coaches less experienced engineers on the importance of building solutions that expand upon the work of others. Drives the refinement of products through data analytics, and makes informed decisions in engineering products through data integration. Reviews designs/architectures within and across teams to provide recommendations for improvements.

Engineering Excellence

• Applies best practices to build code based on well-established methods and secure design principles while also applying best practices for new code development and formal validation of security invariants. Drives product development and scaling to customer requirements and applies best practices for meeting scaling needs and performance expectations and security promises.
• Considers, identifies requirements for, and drives comprehensive application of automation within production and deployment of a product, targeting zero-touch deployment when possible. Runs code in simulated or other non-production environments to confirm functionality and error-free runtime for products.
• Drives efforts to ensure the correct processes are followed to achieve a high degree of security, privacy, safety, and accessibility. Creates and assures the presence of visible evidence (e.g., audit trail) to demonstrate compliance for products. Develops and maintains a deep understanding of the implications of onboarding new technologies following expectations of compliance at Microsoft. Demonstrates and maintains an up-to-date understanding of both global and local regulations for technologies and system applications to ensure regulations are followed and met.
• Works with partner teams to ensure a project/sub-system of a product works well with the components of the partner team, ensuring proper end-to-end testing, live-site coverage, scalability, performance, and DRI escalation pathways are established before going live.
• Remains current in skills by investing time and effort into being informed of current developments. Proactively seeks new knowledge, evaluating new trends, technical solutions, and patterns, assessing how to adapt them to current problems. Conducts learning and literary sessions to raise awareness on relevant engineering design principles (e.g., security, testability, performance, scalability, accessibility, product knowledge).
• Uses and enhances, or builds, new software developer tools to support easier, faster, and more effective software engineering for products. Identifies whether open source or internal code is available to address coding needs for a project/sub-system of a product, and reuses it in a responsible manner where applicable. Develops skills in tools outside current areas of expertise. Identifies and/or creates tools that are useful for building the product. Shares best practices and teaches others about new tools and strategies.
• Understands and applies security best practices and establishes code invariants to model "security as code," ensuring each layer is independently secure, and minimizing risk. Supports and/or adopts security standards for clear security code review practices for a project/sub-system of a product that align with design and engineering principles to raise the security hardening for both protections and detections. Incorporates deployment gates on security controls, and scanners for a project/sub-system of a product to prevent regressions and/or vulnerabilities that would have customer impact. Includes required security monitoring to ensure detection of violations. Independently works with relevant security partners to define security promises and security invariants for the design of a product/solution while factoring in attacker/investigator personas for security monitoring and telemetry needs, ensure threat models and premortems validate upstream and downstream assumptions and security invariants, establish security breach drills and security incident response processes (e.g., impact analysis, containment), and ensure that artificial intelligence (AI) safety features are implemented for the AI production systems tied to a project/sub-system of a product.

Implement

• Leverages their subject-matter expertise to partner with appropriate stakeholders (e.g., technical program managers) to drive a workgroup's project plans, release plans, and work items. Organizes work into smaller sets of tasks as part of an overall roadmap. Guides other members for project estimation and escalates issues that might cause a delay. Ensures required security protections and detection processes are accounted for in planning. Ensures project plans adhere to security, privacy, and compliance requirements. Ensures all code for a product/solution is properly flighted for quicker mitigation of production incidents. Calculates capacity for planning, accounting for appropriate failover and backup/restore mechanisms for disaster recovery for a project/sub-system of a product. Makes considerations for efficient operation of a project/sub-system of a product after it is live. Establishes a rollback plan for a project/sub-system of a product.
• Leveraging internal experimentation infrastructures, drives experiments that determine the impact of changes, using feature flags/flighting in their code. Collaborates with internal partners (e.g., Data Science, product managers) to incorporate success and guard rail metrics for experimentation.
• Leverages existing deployment frameworks in the implementation of solutions, automating deployment tasks when possible to ensure efficiency. Follows safe change deployment best practices (e.g., ensuring that flights are set correctly) for their team to minimize adverse impact to users and other services. Ensures that solutions are deployed safely, rolling out security-sensitive features only to applicable, relevant customers and scenarios to reduce the attack surface. Monitors dependency status and ensures that only the latest, secure versions are deployed. Identifies when rollback plans should be enacted for a project/sub-sub-system of a product. Builds deployment infrastructure to allow developers' private builds for a project/sub-sub-system of a product to be tested in a production-like environment.

Reliability and Supportability

• Drives efforts to integrate logging and instrumentation for gathering telemetry data on system behavior such as performance, reliability, availability, usage, and safety mechanisms, and for allowing monitoring and investigating security-related concerns and scenarios for both live and A/B experiments for products, services, and offerings. Leverages telemetry feedback and effectiveness to independently improve subsequent monitoring designs. Classifies and analyzes data on a range of metrics (e.g., health of the system, where bugs may be occurring), and creates outputs (e.g., notifications, dashboards) that improve monitoring and investigating security-related concerns and scenarios, system monitoring and/or issue identification and mitigation. Considers the privacy implications of telemetry code changes, and adding new data points.
• Acts as a designated responsible individual (DRI) and guides other engineers by developing and following the playbook, working on-call to monitor a system/product/service for degradation, downtime, or interruptions. Alerts stakeholders as to status and initiates actions to restore system/product/service for simple problems and complex problems when appropriate. Responds within service level agreement (SLA) timeframe. Drives efforts to reduce incident volume, looking globally at incidences and providing broad resolutions. Escalates issues to appropriate owners.
• Maintains operations of live site service, following security best practices when responding quickly to mitigate issues while using the minimum required permissions to do so that arise on a rotational, on-call basis. Implements solutions and mitigations to more complex issues impacting performance or functionality of live site service and escalates appropriately. Reviews and writes incident postmortem and presents insights that drive changes to reduce or eliminate incidents. Independently improves troubleshooting guides (TSGs), wikis, tests, and telemetry to make on-call better, and recommends user-facing support documentation and additional test coverage to reduce likelihood of future user-initiated incidents. Enables secure operations, security monitoring, and integration with live site investigation activities. Identifies and proposes opportunities (e.g., lunch talks, automation, practices, tools) that can be leveraged to improve the live site experience. Adds comprehensive observability and monitoring to services.

Understand User Requirements

• Collaborates with and guides appropriate internal (e.g., product manager, privacy/security subject matter expert, technical lead) and external (e.g. customer escalation team, public forums) stakeholders to determine and confirm customer/user requirements for a project/sub-section of a product/solution. Incorporates customer insights into future designs or solution fixes. Ensures unwritten requirements, such as appropriate continuous feedback loops that measure actionable, quantitative (e.g., customer value, usage patterns, solution performance) and qualitative (e.g., accessibility, globalization) indicators of value are incorporated. Understands, provides feedback on, and advocates for security and privacy needs of the customer who will be using the project/sub-section of a product/solution.
• The team provides leadership, direction and accountability for application architecture, Cloud design, Infrastructure development and end to end implementation for our Sovereign and Government Clouds.
• Demonstrated collaboration skills will be required to work closely with other engineering teams to ensure services/systems are highly stable and performant and meet the expectations of internal and external customers and users.
• Build and improve services to be scalable and highly reliable.
• Help deliver and improve engineering systems and practices to deliver services in complex cloud environments.
• Contribute to design and automate service scale features and customer requirements.
• Investigate pre-production and production issues, implement, and deploy fixes.
• Participate in an on-call rotation (typically 24/7 for one week every 6-8 weeks) within a secure facility.
• Other: Embody our Culture and Values

Qualifications

Required/minimum qualifications:

Bachelor's Degree in Computer Science or related technical field AND 4+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.

Other Requirements:

Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required pre-offer and post-hire for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.

Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government clearance.

Preferred qualifications:

Master's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR Bachelor's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience.

• Understanding and experience with CI/CD concepts and Git.
• 4+ years of Windows / Linux hands on system experiences
• Experience debugging issues ranging from the operating system, application, and all the way to the cloud.
• Experienced in solving operational issues in a scalable way.
• Ability to thrive with the ambiguity associated with working in a fast-paced and changing environment.
• Support a 24x7 live site support model for the services the team owns.
• Experience with Kubernetes, and the Kubernetes satellite technologies
• Some experience with building and supporting large-scale production services, including logging, monitoring, alerting, and measuring reliability and availability.
• Proficient in at least one scripting language but knows when to move solutions into managed code.
• Experience with Azure DevOps and GitHub tooling.
• Demonstrated communication skills and ability to collaborate in a multi-disciplinary team consisting of Software Engineers, Program Managers, Security Researchers, and Data Scientists.

Software Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800.00 - $234,700.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200.00 - $261,000.00 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

Software Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200 - $261,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

Software Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200 - $261,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.