Security Engineer

Overview

Build the secure network foundations that enable Microsoft's most critical platforms to operate safely at global scale. On this team, you will apply infrastructure security expertise across hybrid cloud and enterprise environments to support secure AI development environments, sovereign cloud deployments, and Windows build infrastructure. You will partner with engineering teams to deliver network isolation, connectivity, and security capabilities that protect the integrity of Microsoft Specialized Clouds while enabling secure innovation.

As a Security Engineer, you will design, deploy, and operate secure network infrastructure supporting business critical workloads across hybrid environments. You will work closely with platform and service teams to automate deployments, improve operational monitoring through telemetry and analytics, and scale infrastructure using security by design principles. This opportunity will allow you to develop deep expertise in securing AI development environments, gain hands on experience with hybrid and sovereign cloud networking, and build automation capabilities that reduce security toil at enterprise scale.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Design and implement secure network architectures for highly available and business critical workloads, with an emphasis on end-to-end automated deployments including configuration management, monitoring, telemetry, and logging.
• Serve as a subject matter expert for network security platforms by providing consultative guidance to analysts, engineers, developers, and penetration testers on secure design and deployment patterns.
• Enable ingestion and correlation of network telemetry and log data into big data and AI enabled monitoring systems for real time alerting, anomaly detection, and predictive analytics.
• Monitor and investigate incidents across enterprise scale deployments of network services including routers, switches, firewalls, and load balancers supporting secure AI and build environments.
• Automate operational activities such as configuration updates, software upgrades, and deployment pipelines using scripting, infrastructure as code (IaC), and AI driven remediation capabilities.
• Monitor infrastructure for emerging threats and serve as a first responder during active network related security incidents, using AI assisted detection and response capabilities where applicable.
• Improve service delivery quality through data driven analytics and automation that reduces operational toil and enables scalable security operations.

Other:

• Embody our company's Culture and Values

Qualifications

Required Qualifications:

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
• Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local Customer Contract - United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport.

Preferred Qualifications:

• 3+ years of hands-on experience with routing (BGP and OSPF) and switching in an enterprise environment
• 3+ years of experience with Cisco, Arista, Palo Alto, and F5 product lines
• 3+ years of coding/scripting experience with some combination of ARM, Python, Terraform, Ansible.
• 3+ years of experience designing, building, and managing cloud security architecture at scale across multi-subscription Azure environments.
• 3+ years of hands-on experience with Azure cloud networking technologies including VNETs, peering, Private Link, load balancers, firewalls, and hybrid connectivity (VPN/ExpressRoute).
• 2+ years of experience applying AI-driven automation to cloud security operations, threat detection, and incident investigation.
• 2+ years of experience in security event management (SIEM) and/or enterprise log management.
• 2+ years of experience managing network through DDos, Exploit and Malware events.
• 2+ years of experience applying AI-driven automation to network security operations, monitoring, and incident investigation.
• 1+ years of experience leveraging machine learning-based analytics in Sentinel, Defender, or similar platforms to improve detection fidelity and reduce false positives.
• 1+ years of experience in technical project management and technical research.
• Azure certifications preferred (AZ500, AZ700, AZ900)
• Cisco CCNA/Security certifications preferred (CCNA, CCNP, CCIE, CISSP)
  CISSP/GSEC or similar certification

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
;br>
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.