GRC Senior Security Engineer

Share job

Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience.

• Analytical skills – Ability to assess customer requirements, technical report and interpret industry regulations, and translate them into clear business impacts. Experience analyzing data for compliance risks then providing data-driven recommendations to customers or internal stakeholders.
• Compliance management – Hands-on experience working with high-compliance requirements such as healthcare and government). Managing compliance-driven customer engagements, ensuring alignment with regulatory frameworks (HIPAA, GDPR, etc.), supporting audits, or overseeing controls that support regulatory adherence.
• Strong written and verbal communication – Ability to explain complex compliance topics to diverse audiences, from customers in regulated industries to internal stakeholders. Comfortable drafting customer material, creating clear compliance communications, and presenting regulatory requirements in plain language.
• Problem solving – Ability to anticipate and address compliance-related customer challenges, ensuring timely resolution while maintaining trust. Able to handle escalated customer inquiries, design solutions to meet requirements without blocking remediation plans that satisfy both customers and compliance stakeholders.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

• Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Preferred Qualifications:

• Flexibility and adaptability when engaging with customers across multiple regulated sectors
• Judgment in balancing customer needs with regulatory obligations
• Project management for customer-facing compliance initiatives

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until August 31, 2025.

#MSFTSecurity

• Serve as a primary security and privacy liaison for both pre- and post-sales engagements while owning internal delivery and cross-team execution of security commitments, collaborating with Sales, Sales Support, Legal, and Engineering to address customer security and compliance concerns.
• Lead the completion of customer security questionnaires, RFPs, RFIs, and due diligence assessments, ensuring timely and accurate responses.
• Participate in customer meetings and calls to explain security architecture, data protection practices, and compliance posture.
• Support contract negotiation and redline security terms.
• Manage customer-facing audits and assurance engagements, including evidence preparation, documentation, and on-site/virtual support.
• Evaluate technical security controls and processes to ensure compliance with Microsoft and industry standards
• Act as a controls and compliance subject matter expert to the business, providing guidance and to internal teams
• Identify risks through assessment and collaborate with business stakeholders to develop and track remediation plans
• Facilitate remediation of identified risks in collaboration with stakeholders.
• Collaborate with engineering teams to integrate security controls into system and application designs.
• Provide technical assurance for new and existing solutions, ensuring robust authentication, authorization, data protection, and monitoring capabilities.
• Act as a key point of contact for security incidents, coordinating response efforts and customer communications.
• Ensure timely triage, investigation, and resolution of customer-reported issues.
• Act as a bridge between Security, Engineering, Legal, and Sales teams to ensure consistent messaging and alignment on customer commitments.
• Provide security guidance to internal teams, including Sales, Engineering, and Sales Support.
• Maintain and share security documentation, FAQs, and best practices to support consistent messaging and enablement.
• Drive automation and workflow improvements across security processes, including leading implementation with internal tooling or partners.
• Build and maintain strong, trust-based relationships with customers and key internal/external stakeholders by acting as a reliable security advisor, understanding their business needs, and proactively addressing concerns.
• Document and standardize security and compliance responses, workflows, and reference materials to support internal scalability