Security Engineer II

Microsoft•Redmond, WA

15h•Onsite

About The Position

The Microsoft Edge Browser Security Team is responsible for securing Edge client code. Our work broadly fits into three distinct categories: Engagement, Proactive, and Reactive security. We work closely with developers, engaging with them to ensure principals such as defense in depth and secure by default are architected into everything we do. Additionally, we perform proactive vulnerability research and analysis at scale to highlight high risk attack surfaces and identify security bugs before hackers do. Finally, we ensure that our reactive response flows are monitored and maintained, tracking reports from external finders, and working with threat intelligence teams to stop active threats to our customers. Throughout all of this, you will work with our industry partners to contribute security improvements to the Chromium project to make the web safer for everyone. As a Security Engineer II in Edge Browser, you will be expected to have knowledge and experience of cybersecurity principals. Ideal candidates will have or quickly obtain a technical knowledge of code audit, fuzzer development, crash analysis and web security. Successful candidates will demonstrate the ability to adopt an adversarial mindset, finding creative ways to break assumptions, identify gaps, and bypass security functions. It is highly beneficial to also have a deep understanding of security fundamentals, computer science skills, and a passion for keeping Microsoft’s customers safe. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50- mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Requirements

Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
Experience with relevant security research along with relevant CVEs (if available) ideally in browser vulnerability discovery.
Experience with writing basic exploits for native or web applications.
Development and deployment of fuzz testing and/or static analysis software.

Responsibilities

Identifies security issues within assigned areas and proposes mitigation steps, escalating complex or high-impact risks as needed.
Supports implementation of mitigation, response, and remediation activities using established tools, guidelines, and best practices.
Investigates, diagnoses, and triages security incidents with minimal guidance, following defined incident response processes.
Contributes to incident management, including stakeholder communication and postmortem/root cause analysis.
Participates in security reviews (e.g., architecture, design), documents findings, and collaborates on remediation plans.
Applies secure design and development best practices across feature areas to reduce vulnerabilities and improve resilience.
Assists in monitoring and responding to security events, vulnerabilities, and compliance issues, escalating as appropriate.
Contributes to operational security efforts and helps identify opportunities to improve security posture.
Partners with others to implement solutions for defined security problems and improve existing tools and processes.
Collaborates across teams, incorporates customer and partner feedback, and continuously builds expertise in security technologies and practices.