New 
Principal Security Operations Engineer - CTJ - TS/SCI
 Microsoft | |
 United States, Virginia, Reston | |
 Aug 19, 2025 | |
|
OverviewThe Air Gapped Cloud (AGC) Compliance Team is dedicated to ensuring the highest standards of compliance and security within the AGC environments. Our mission is to support the authorization, assessment, continuous monitoring, and secure onboarding of services, while fostering a culture of compliance and security excellence. We collaborate closely with various departments to manage customer interactions, streamline compliance processes, and maintain the integrity of our systems. We are looking for Principal Security Operations Engineer to join us in our goal to provide robust compliance solutions that meet regulatory requirements and enhance the overall security posture of our AGC environments. Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities You'll be responsible for maintaining the compliance Body of Evidence (BoE) for three network system boundaries. Each BoE is minimally comprised of The BoE is inclusive of: System Security Plan (SSP) control narratives, associated test plans, Security Control Matrix (SCTM), Role Based Access Control (RBAC) matrices, any/all applicable Graphical User Guide (GUG)s, Privileged User Guide (PUG)s, Standard Operating Procedures (SOP)s (e.g., Configuration management (CM) plan, Configuration Change Board (CCB) constructs, Incident Response (IR) procedures, Azure policy / templates, priv escalation, break glass accts, etc.* You'll engage in various Assessment & Authorization / Joint Test Team (JTT) support for the following efforts (minimally): M365 A&A for supporting Teams integration and ABAC enhancements in PLx (Protection Level X); PL3 file shares in PLx: CSfC (Commercial Solutions for Classified Program) for PLx. This includes coordination with the site, customer reps, engineering, etc.* Ensuring the Body of Evidence (BoE) is ready for presentation to the USG assessors. The BoE shall minimally consist of test plans for each control / control family, the System Security Plan (SSP), Plan of Actions & Milestones (POA&M), and Security Control Requirements Matrix (SCTM). The exact composition of required JTT artifacts will be determined by the respective service & agency AOs. JTT support could also include reservation of facilities / rooms / associated logistics (e.g. visitor requests, coordination with facility security personnel, etc)* Using your subject matter expertise, you'll identify potential security issues, tools, mitigations, and processes. You'll make this expertise available to others through sharing, coaching, conferences, and other means.* You'll engage with customers and partners to improve security issues by developing analytical tools and studying security patterns. You'll also develop feedback channels in order to improve security practices.* You'll lead large-scale security reviews, including work on architectural and design reviews for feature areas. Where appropriate, you'll also ensure best practices for security architecture, design, and development are in place.* You'll schedule the security analysis of large feature areas, accounting for dependencies and risk assessments, and involving multiple stakeholders. You'll also analyze security threats and share summaries with security tooling teams to enhance compliance programs, while conducting security research of Microsoft and competitor products.Embody our culture and values. | |