Overview

Copilot is evolving into an agentic system that can plan, reason, and execute actions across tools, data, and services. Securing such a system cannot rely on static controls, offline review, or policy‑only enforcement. It requires runtime defenses that adapt to intent, behavior, and context as the system operates.
Copilot Security and Privacy is responsible for building these defenses directly into Copilot. Our work focuses on new security primitives for agentic AI, including runtime misuse detection, adaptive guardrails, containment and isolation mechanisms, and feedback‑driven control systems informed by offensive security research.

We are hiring a Principal Technical Program Manager (TPM) to own the end‑to‑end delivery of these capabilities. This is a deeply technical execution role for someone who can operate at the boundary of security engineering, AI research, and platform systems—turning ambiguous threat models into shippable, operable defenses deployed in a globally scaled AI product.
This role is not about process, governance, or coordination. The TPM is accountable for making complex systems land in production, under real‑world adversarial pressure.

Most security roles protect systems after they exist. This role helps define how agentic AI systems defend themselves while they operate.
You will shape how Copilot detects misuse, enforces boundaries, and recovers safely in real time—working directly on the mechanisms that make autonomy deployable at global scale. The impact is immediate, technical, and measurable in production behavior.
If you want to operate where AI systems, security engineering, and execution reality intersect, this role offers that surface area—without turning you into a policy owner or process layer.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50- mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Responsibilities

• Own Delivery of In‑Product AI Threat Defenses
• Lead execution of runtime threat defense capabilities embedded directly into Copilot execution paths, not layered on externally.
• Drive delivery of detection, prevention, and containment mechanisms that operate synchronously and adaptively as agents reason and act.
• Ensure defenses are designed as control systems with clear signals, enforcement points, and feedback loops.
• Translate Threat Models into Executable Systems
• Take emerging and ambiguous agentic AI threat models—including misuse, escalation, and information‑flow risks—and convert them into concrete engineering plans.
• Partner with security engineers and researchers to translate offensive security insights and red‑team findings into production features.
• Make judgment calls about enforcement boundaries, degradation strategies, and isolation guarantees.
• Drive Cross‑Cutting Technical Execution
• Coordinate delivery across security engineering, AI research, platform/runtime teams, and Copilot product surfaces.
• Own dependency management, sequencing, and delivery risk for systems that are tightly coupled and cannot be built independently.
• Resolve technical and organizational tradeoffs where ownership boundaries are unclear and failure modes are novel.
• Ensure Operability at Runtime
• Define what “working” means for threat defenses: detection quality, false‑positive tolerance, performance impact, and blast‑radius containment.
• Ensure defenses are measurable, testable, and observable in production.
• Lead learning loops from live incidents, near‑misses, and adversarial testing back into system design.

Qualifications Required Qualifications:

• Bachelor's Degree AND 6+ years experience in engineering, product/technical program management, data analysis, or product development
• OR equivalent experience.
• 3+ years of experience managing cross-functional and/or cross-team projects.

Preferred Qualifications:

• Bachelor's Degree AND 12+ years experience engineering, product/technical program management, data analysis, or product development
• OR equivalent experience.
• Proven ability to lead execution in high‑ambiguity environments where requirements, threats, and system behavior evolve rapidly.
• Solid systems thinking: ability to reason about execution paths, failure modes, and adversarial behavior.
• Track record of making sound technical tradeoffs and shipping durable solutions without relying on heavy process.
• Background in security engineering, distributed systems, applied research, or ML systems prior to or alongside TPM work.
• Experience delivering runtime detection, abuse prevention, or adaptive enforcement systems.
• Familiarity with agentic AI systems, LLM‑based products, or non‑deterministic execution environments.
• Experience partnering closely with offensive security or red‑team functions.
• Demonstrated ability to translate research, prototypes, or threat models into production‑grade systems.
• Solid analytical skills, including working with telemetry, signals, and feedback loops.

#MicrosoftAI #MAIDPS

Technical Program Management IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.