Overview:

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Senior Security Operations Engineer in IAM Protect is a hands on technical contributor responsible for protecting Microsoft’s identity infrastructure through detection, investigation, and mitigation of identity related security risks. This role operates at the intersection of identity security, security operations, and engineering, with a focus on reducing real world risk across Microsoft’s production and productivity tenants.

This Senior Security Operations Engineer works on high impact Identity and Access Management (IAM) security problem spaces such as privileged access misuse, application and service identity risk, tenant isolation, abnormal sign in behavior, and control gaps surfaced through incidents, threat intelligence, and security Key Performance Indicators (KPIs). The role partners closely with Security Technical Program Managers (TPM), IAM engineering teams, insider risk, and incident response to translate ambiguous risk signals into concrete operational actions and durable fixes. This role will be focused on shaping the app ecosystem security and tenant governance programs.

At the senior level, this role is expected to independently own defined problem areas, exercise strong security judgment, and drive investigations and remediation with limited oversight. The Senior Security Operations Engineer contributes to improving the operational maturity of IAM Protect by strengthening detections, clarifying response paths, improving telemetry, and influencing engineering changes that prevent recurrence - not just responding to individual events.

This role supports evolving security initiatives informed by active threat assessments within the Tenant Isolation and Secure Futures Initiative (SFI) workstreams and plays a direct role in protecting Microsoft’s most sensitive identity surfaces.

Starting February, 2026, Microsoft employees are expected to work from a designated Microsoft office at least three days a week if they live within 50 miles (U.S.) or 25 miles (non-U.S., country-specific) of that location. This expectation is subject to local law and may vary by jurisdiction.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities:

Security Operations Ownership

• Own defined IAM security operations problem spaces (e.g., privileged access misuse, tenant isolation gaps, application and service identity risk, conditional access enforcement).
• Lead investigations into identity‑related security signals, alerts, and escalations, determining root cause, impact, and appropriate mitigation plans.
• Drive containment and remediation actions in partnership with incident response, IAM engineering, and security partners.

Detection, Investigation & Response

• Analyze IAM telemetry, alerts, KPIs, and incident data to identify abnormal behavior, control gaps, and emerging risk patterns.
• Improve detection quality by reducing noise, tuning thresholds, and validating coverage against known attack paths and threat intelligence.
• As needed, participate in incident response, including triage, mitigation, post‑incident analysis, and follow‑up actions to prevent recurrence.

Execution & Risk Reduction

• Translate ambiguous security findings into concrete operational actions, engineering asks, or policy recommendations.
• Partner with TPMs and engineering teams to ensure security requirements are operationally viable and enforced at scale.
• Validate that mitigations and controls are effective through data, telemetry, and follow‑up verification.

Automation & Operational Maturity

• Identify opportunities to automate repetitive security operations workflows and reduce manual touchpoints.
• Contribute to improvements in tooling, data pipelines, and operational processes that increase reliability and scalability.
• Leverage data and metrics to prioritize work and demonstrate risk reduction impact.

Cross‑Team Collaboration

• Work closely with IAM engineering, Security TPMs, insider risk, compliance, and other security teams to align on response paths and ownership.
• Provide operational input into program and design discussions to ensure security controls are practical and durable.
• Share findings, patterns, and lessons learned to improve collective understanding of identity‑related risk.

Continuous Improvement & Craft

• Perform post‑incident and post‑investigation analysis to identify systemic issues and improvement opportunities.
• Contribute to documentation and knowledge sharing to improve team readiness and consistency.
• Mentor junior engineers through collaboration, review, and shared problem solving.
• Embody our culture and values

Qualifications:

Required Qualifications:

• Doctorate in Statistics, Mathematics, Computer Science, or related fieldOR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
• OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
• OR equivalent experience.

Other Requirements:

• Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
• Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport

Additional or Preferred Qualifications:

• Bachelor’s degree (or equivalent experience) in Computer Science, Cybersecurity, or related field.
• Scripting or automation experience (PowerShell, Python, SQL, KQL, etc.).
• Experience in security operations, incident response, or IAM engineering.
• Experience with vibe-coding.
• Experience with agent creation and management.
• Experience with cloud IAM platforms (Azure AD, Entra ID, etc.) and enterprise risk management.
• Experience managing the lifecycle and security posture of applications within an enterprise tenant.
• Familiarity with SIEM, SOAR, and security automation tools.
• Proficient analytical, troubleshooting, and communication skills
• Ability to influence without authority and drive results in a matrixed environment.
• Experience in large-scale enterprise or cloud environments

#IAMProtect; #MSFTSecurity; #Securethe Future; #CISOOrg

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.