Software Engineer II (Security)

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

As a Security Engineer in the Continuous Security Validation & Assurance (CSVA) security engineering team, you will have an opportunity to contribute your deep technical leadership and problem-solving skills to lead a team of engineers working on the security of the underlying platform, code and infrastructure of many Microsoft products used by millions of customers. We build and manage services to manage continuous security posture of cloud scale services. The team is customer-focused with an emphasis on security, great user experience and reliability. You would drive solutions to challenging technical problems involving security for large scale systems and lead critical design initiatives, be accountable for delivery and take part in strategic and tactical decisions in the context of mission-critical services.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Analyze cloud, DevOps, AI, and emerging product services for security vulnerabilities and enterprise readiness.
• Identify and assess the severity and impact of vulnerabilities, including discovering new variants.
• Develop tools and innovative techniques to automate vulnerability discovery and analysis.
• Analyze vulnerability trends to identify patterns and proactively address risks.
• Research, develop, and deploy mitigations for recurring vulnerability patterns.
• Conduct security testing, research, and analysis activities.
• Collaborate effectively with engineering, product teams, and stakeholders.
• Contribute to the broader security research community through knowledge sharing.
• Mentor and support the growth of team members and peers across Microsoft.
• Foster a healthy, inclusive, and collaborative team culture.
• Apply engineering best practices throughout the software development lifecycle to ensure secure, reliable, and maintainable systems.
• Collaborate with cross-functional teams to plan and deliver key initiatives.
• Embrace a culture of continuous improvement, learning, and innovation.
• Design and implement microservices for real-time, scalable, and sustainable solutions.
• Provide on-call support and monitor production services as part of a DevOps culture.
  
  

Qualifications

• Bachelor’s degree in Statistics, Mathematics, Computer Science, or a related field, with experience in the software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• 3–8 years of hands-on experience as a Security Researcher and/or Security Engineer
• Designing, building, and operating large-scale enterprise security services solutions using cloud services, C#, .NET, or Java.
• Strong understanding of common software vulnerabilities (e.g., OWASP Top 10, CWE Top 25) in languages such as C#, JavaScript/HTML, C++, and C.
• Deep knowledge of software security principles, including authentication, authorization, and encryption.
• Proficiency in coding, debugging, and root cause analysis of vulnerabilities in cloud services, DevOps platforms, and AI systems.
• Excellent written and verbal communication skills.
• Good programming skills with expertise in OOP, OOAD, and design patterns.
• Ability to work independently and collaborate effectively across global teams.
• Good interpersonal skills to communicate complex ideas to diverse stakeholders.
• Proven ability to navigate ambiguity and drive clarity.
• Demonstrated ability to prioritize, ramp up quickly, and meet tight deadlines.
  
  

Preferred Qualifications

• Proficient in cloud platforms such as Microsoft Azure (preferred), AWS, or GCP.
• Public track record of vulnerability research and discovery.
• Familiarity with cloud service architecture, design, and implementation.
• Understanding of enterprise security techniques and best practices.
• Experience with Microsoft Entra ID (formerly Azure Active Directory).
• Basic scripting skills in PowerShell and experience developing automation modules.
• Knowledge of Power BI for designing interactive dashboards and visualizations.
• Experience building AI applications to solve enterprise-scale challenges.
• Familiarity with modern security models such as OAuth and token-based authentication.
• Experience delivering production-grade software or services.
• Exposure to agile methodologies and test-driven development (TDD).
  
  

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.