Security Engineer II

Overview

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

TEAM OVERVIEW:

The Cyber Defense Investigations (CDI) team operates as a 24/7 security investigations function responsible for identifying, analyzing, and mitigating potential threats across Microsoft's ecosystem. The team rapidly triages alerts, conducts in-depth investigations into suspicious activity, and determines the scope, impact, and root cause of incidents. We work closely with CDO partners and service teams to drive timely remediation, enhance detection coverage, and strengthen the overall security posture. Through structured investigation processes, continuous analysis, and global coordination across time zones, the team ensures high-quality, consistent, and timely response to evolving threats while contributing to operational excellence and resilience.

ROLE OVERVIEW:

As a Security Engineer II within the CDI Investigations team, you play a critical role in safeguarding organizational assets and data. This role is focused on proactively detecting, investigating, and responding to sophisticated security threats using advanced security tooling, automation, and threat intelligence.
You will be responsible for analyzing alerts, conducting detailed investigations, correlating signals across multiple systems, and driving incident response actions including containment and remediation. The role requires strong analytical thinking, curiosity, and the ability to operate effectively in a fast-paced, high-impact environment. In addition to investigation work, you will contribute to improving detection logic, enhancing investigation workflows, and collaborating with cross-functional teams to drive security improvements at scale. This role offers the opportunity to influence broader security strategies while continuously building deep technical expertise.

TEAM CULTURE:

Our Investigations team is built on a foundation of trust, collaboration, and continuous improvement. We foster an environment where curiosity is encouraged, diverse perspectives are valued, and team members feel empowered to challenge assumptions and drive better outcomes. We prioritize open communication, knowledge sharing, and professional growth-whether through complex investigations, mentorship, or exploring new technologies. The team supports one another through high-impact work, celebrates successes, and continuously learns from challenges. If you are passionate about cybersecurity, thrive in collaborative environments, and are motivated to make a meaningful impact, this team provides an opportunity to grow, innovate, and contribute to Microsoft's security mission.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Lead Threat Detection & Incident Response: Proactively identify and respond to sophisticated threats by analyzing diverse security signals, driving rapid containment, and reducing risk to critical systems and data.
• Own End-to-End Investigations: Perform deep-dive investigations into complex security events, determine scope and root cause, and drive incidents to resolution with clear documentation and action.
• Drive Cross-Functional Security Outcomes: Partner with threat intelligence, detection engineering, product teams, and researchers to translate insights into actionable improvements in detection, response, and remediation.
• Advance Detection & Response Capabilities: Identify gaps in existing detections and workflows, and contribute to building, tuning, and scaling automation and detection logic to improve coverage and efficiency.
• Enable Operational Excellence at Scale: Leverage data, analytics, and security telemetry to prioritize work, improve investigation quality, and enhance consistency across a globally distributed operations model.
• Continuously Evolve Against Emerging Threats: Stay ahead of the threat landscape by applying new techniques, tools, and intelligence to strengthen investigative depth and response effectiveness.
• Foster a Learning & Knowledge-Sharing Culture: Contribute to team growth through mentorship, documentation, and sharing best practices to elevate overall team capability and performance.

Qualifications

Required Qualifications:

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR equivalent experience.

Other Requirements:

Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Industry certifications such as CISSP, CISM, CEH, GCIA, GCIH, GCFA, OSCP, or Security+.
• Experience leveraging AI/ML-driven security capabilities (e.g., anomaly detection, behavioral analytics, or Copilot-like tools) to enhance threat detection, investigation efficiency, and response outcomes.
• Experience analyzing host and network telemetry (e.g., endpoint, identity, cloud, and network logs) to detect and respond to threats.
• Familiarity with threat analysis frameworks such as MITRE ATT&CK, Cyber Kill Chain, or Diamond Model.
• Experience with cloud security concepts and Azure-based technologies (e.g., Functions, Logic Apps, Storage).
• Proficiency in automation and analysis using tools such as Python, PowerShell, or Jupyter Notebooks, including working with APIs.
• Knowledge of KQL or similar query languages for security telemetry analysis.
• Exposure to advanced security domains such as digital forensics, malware analysis, reverse engineering, or penetration testing.

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $102,100.00 - $202,200.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $133,800.00 - $219,200.00 per year.


Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.