Overview

About the Team

Consumer Copilot Security is at the core of Microsoft's mission to deliver trusted, human-centered AI experiences. We make security and resilience intrinsic to every Copilot interaction—across devices, platforms, and ecosystems. Our work spans secure identity flows, defenses against emerging threats like prompt injection, and privacy-first systems that scale globally. We are looking for a Senior Software Engineer to join our team.
Copilot is becoming an autonomous system that reasons, plans, and acts on behalf of hundreds of millions of users—across consumer and enterprise experiences, surfaces, and modalities. It books meetings, drafts documents, executes multi-step workflows, and orchestrates actions across tools, data, and services. The scope and autonomy are expanding fast. So is the trust surface.
Copilot Security & Trust Engineering makes Copilot a trusted companion—safe to use without fear as autonomy becomes the default. The Identity & Isolation team owns the foundational systems that make this possible: authentication and identity experiences that reduce friction and increase trust, workload isolation and adaptive sandboxing that constrain agent authority and blast radius, and agentic access control that governs what Copilot can do, with what data, and on whose behalf—continuously and at runtime.

About the Role

Copilot for consumers depends on a rock-solid identity and isolation foundation that makes personalized AI experiences safe and seamless across Windows, Edge, web, and mobile. As Copilot evolves into an agential system—planning, reasoning, and taking actions on behalf of users—the identity layer must evolve with it: authenticating users across surfaces, authorizing agent actions at runtime, isolating execution contexts, and enforcing trust boundaries that hold under adversarial pressure.
We're seeking a Senior Software Engineer to design and build core identity and isolation systems across Copilot experiences, partnering closely with Microsoft's central identity platform and related teams. You'll own significant features end-to-end—from design through production operation—tackling novel risks at the frontier of agential AI while applying proven identity patterns where they fit and inventing new ones where they don't.
This role demands solid backend engineering skills, working knowledge of modern consumer identity protocols, and the ability to ship reliable, secure systems at scale. You'll operate with a high degree of independence, make sound trade-offs between risk and velocity, and mentor others on the team.

Why This Role Matters

Your work will secure AI experiences for hundreds of millions of users worldwide. Most identity roles focus on maintaining existing systems with well-understood patterns. Here, the problems are new—how do you manage authentication across chained agent tool calls? How do you enforce authorization boundaries when an agent's plan evolves at runtime? How do you isolate execution contexts that share memory and data—and your code ships into a product operating under real-world adversarial pressure?

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50- mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Responsibilities

• Identity & authorization systems: Design and implement authentication, session management, token issuance/validation, and authorization flows for consumer Copilot across Windows, Edge, web, iOS, and Android.
• Isolation & containment: Build and harden execution context isolation, information-flow controls, and boundary enforcement mechanisms that constrain what agents can access and do.
• Cross-surface consistency: Contribute to common authentication/SSO patterns and SDKs that ensure seamless UX and consistent security controls across consumer surfaces and modalities.
• Agential identity patterns: Implement authentication and authorization patterns for AI-powered, agential flows—supporting secure delegation, scoped consent, and safe orchestration of actions across devices and services.
• Platform integration: Partner with Microsoft Account and central identity teams to land platform capabilities in Copilot consumer scenarios at scale.
• Metrics & observability: Contribute to key authentication and isolation metrics, dashboards, and monitoring; use telemetry to detect anomalous behavior and drive improvements.
• Hands-on engineering: Ship secure, well-tested, maintainable code and frameworks that other teams can adopt. Participate in code reviews, design discussions, and threat modeling sessions.
• Product mindset: Balance customer experience with consumer-grade security, privacy, and compliance expectations.

Qualifications

Required Qualifications:

• Bachelor's Degree in Computer Science or related technical field AND 4+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR equivalent experience.

Preferred Qualifications:

• Master's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR Bachelor's Degree in Computer Science or related technical field AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR equivalent experience.
• Experience designing and operating backend services with high availability and reliability requirements.
• 2+ years hands-on experience with authentication/authorization systems, including practical knowledge of OAuth 2.0, OpenID Connect, JWT, session management, or consumer identity flows.
• Experience with sandboxing, process isolation, container security, or execution context separation.
• Familiarity with Microsoft Account or similar large-scale consumer identity platforms.
• Experience shipping identity flows or SDKs across multiple client platforms (Windows, macOS, iOS, Android, web).
• Understanding of emerging attack classes against AI systems, including prompt injection, agent misbehavior, or information-flow vulnerabilities.
• Familiarity with privacy-by-design principles and consumer compliance requirements (e.g., GDPR).
• Ability to clearly explain complex identity concepts to technical and non-technical stakeholders.

MicrosoftAI #MAIDPS

Software Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

For more details click Job Post.