The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

TEAM OVERVIEW: The Cyber Defense Investigations (CDI) team operates as a 24/7 security investigations function responsible for identifying, analyzing, and mitigating potential threats across Microsoft’s ecosystem. The team rapidly triages alerts, conducts in-depth investigations into suspicious activity, and determines the scope, impact, and root cause of incidents. We work closely with CDO partners and service teams to drive timely remediation, enhance detection coverage, and strengthen the overall security posture. Through structured investigation processes, continuous analysis, and global coordination across time zones, the team ensures high-quality, consistent, and timely response to evolving threats while contributing to operational excellence and resilience.

ROLE OVERVIEW: As a Security Engineer II within the CDI Investigations team, you play a critical role in safeguarding organizational assets and data. This role is focused on proactively detecting, investigating, and responding to sophisticated security threats using advanced security tooling, automation, and threat intelligence. You will be responsible for analyzing alerts, conducting detailed investigations, correlating signals across multiple systems, and driving incident response actions including containment and remediation. The role requires strong analytical thinking, curiosity, and the ability to operate effectively in a fast-paced, high-impact environment. In addition to investigation work, you will contribute to improving detection logic, enhancing investigation workflows, and collaborating with cross-functional teams to drive security improvements at scale. This role offers the opportunity to influence broader security strategies while continuously building deep technical expertise.

TEAM CULTURE: Our Investigations team is built on a foundation of trust, collaboration, and continuous improvement. We foster an environment where curiosity is encouraged, diverse perspectives are valued, and team members feel empowered to challenge assumptions and drive better outcomes. We prioritize open communication, knowledge sharing, and professional growth—whether through complex investigations, mentorship, or exploring new technologies. The team supports one another through high-impact work, celebrates successes, and continuously learns from challenges. If you are passionate about cybersecurity, thrive in collaborative environments, and are motivated to make a meaningful impact, this team provides an opportunity to grow, innovate, and contribute to Microsoft’s security mission.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Job Type
Full-time
Career Level
Mid Level