Security Engineer

Microsoft
Published 6 days ago
Overview

The Substrate Auth Quality and Defense team is seeking a security engineer with expertise in penetration testing, threat modeling, risk assessment, and scaled security tooling usage to help safeguard authentication and access control mechanisms.

The ideal candidate will proactively identify and propose mitigations for vulnerabilities across authentication stacks, leveraging both manual and automated testing approaches. Responsibilities include conducting offensive and defensive security assessments as well as developing and running dynamic token simulation. You will also get the opportunity to drive the adoption of AI-enhanced security tools and participate in code and configuration reviews to ensure robust protection against emerging threats. The role focuses on measurable risk reduction and operational efficiency. While pure software engineering experience is not required, hands-on security experience and the ability to work across organizational boundaries are essential. You will also contribute to incident response, metrics-driven process refinement, and the cultivation of a “secure by design” culture within the organization. This position offers the opportunity to shape the future of identity and authentication security, working alongside top experts and partner teams to deliver impactful results.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.


Responsibilities
  • Identifies and conducts research into critical security areas of Microsoft, supported, and/or competitor products vulnerable to exploitation, current or potential future attacks, adversary tracking, and/or academic literature.
  • Researches, analyzes, and summarizes security threats and shares results across teams to incorporate into future research or as enhancements in alignment with security initiatives.
  • Partners cross-functionally (e.g., across disciplines, teams, security versus non-security) to design solutions to prevent, detect, and/or disrupt attacks, including for integration in or addition to new/existing products or features.
  • Leverages artificial intelligence (AI) workflows to understand research operations and how customers use Microsoft products and identifies opportunities for solutions to deliver protection.
  • Creates a security analysis plan that aligns product timelines, interdependencies, risks, and feature scopes.
  • Analyzes complex issues using multiple data sources across the threat landscape to develop insights and identify security vulnerabilities and threats.
  • Understands operational needs to ensure security solutions work within parameters.
  • Identifies and recommends process improvements and adopts best practices.
  • Recommends prioritization and validation methodologies for technical indicators to identify and track threat actors or attacker activity.
  • Synthesizes data to generate trends, patterns and insights on technical indicators of threats.
  • Uses subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities).
  • Researches and maintains knowledge of industry trends, technologies, tools, securities, and advances.
  • Contributes to internal and external community through publications, white papers, seminars, or conferences, shaping understanding of threat protection in real-world impact and storytelling.
  • Develops deployment and security configuration standards to ensure technologies are deployed in a secure fashion.
  • Leverages established procedures to ensure the integrity of tools, techniques, and information of security practices, building trust with and protecting customers.
  • Assesses efficacy of operational security (e.g., red teaming and penetration testing) measures.
  • Develops techniques to measure and improve operational security.
  • Investigates, diagnoses, triages, and remediates Microsoft and/or customer security incidents, deepening trust through proactive customer connection and crisis and incident response.
  • Conducts postmortem and root cause analyses for security incidents to identify trends, patterns, and issues, including protection gaps that need to be addressed.
  • Creates repair items, tools, and/or systems to support incident management.
  • Supports managing incidents with multiple bridges and leverages Incident Management System(s) to update stakeholders during and after incidents.
  • Leads large-scale security reviews, including architectural and design reviews, and synthesizes findings in analysis reports.
  • Implements best practices for security architecture, design, and development across feature areas and teams.
  • Evaluates security risks and impact to the affected services and partners with others to remove blockers and mitigate risks.
  • Monitors and responds to security events, potential vulnerabilities, exposures, and policy compliance issues, escalating as needed.
  • Solves classes of issues in technical implementation and automation of solutions related to specific kinds of security issues (e.g., security posture, signature-based detection, malware, threat analysis, reverse engineering, attack disruption, anomaly detection). 
  • Works across disciplines to identify and develop improvements in solutions and methods.
  • Identifies, prioritizes, and addresses security issues, escalating as needed.
  • Leads implementation of mitigations, responses, and remediations for security issues for a feature area. 
  • Proactively leverages established feedback channels to gather and synthesize input from customers and partners on security needs.
  • Partners with internal and external stakeholders to translate feedback and propose improvements to security practices and solutions.
  • Contributes to the development of guidelines, models, and best practices to advocate for customer and partner security needs and deliver protection through security products (e.g., Microsoft Defender, Microsoft Sentinel).


Qualifications

Required Qualifications:

  • Bachelor's Degree in Computer Science or related technical field AND  technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
    • OR equivalent experience.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Master's Degree in Computer Science or related technical field AND technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
    • OR Bachelor's Degree in Computer Science or related technical field AND  technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python 
    • OR equivalent experience.
  • The following additional experiences are favorable, but not requirements:
    • Public track record of relevant security research, especially around vulnerability discovery
    • Experience exploiting bugs and bypassing security mitigations in authentication systems

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.