Security Operations Engineering

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Security Operations Engineer will join the IAM Protect team within the CISO organization, supporting identity and access management (IAM) security operations across Microsoft's cloud environments. Our organization leads the Tenant Isolation pillar within our Secure Future Initiative. This team within IAM Protect focusesinthe productivitytenant space with an amplified focus on integrating AI into our day-to-day workstreamsto:reduce manual touchpoints, identify gaps in security risk scopes, relentlessly pursue progress for key SFI initiatives in the tenant isolation space, and ensure our workstreams accrue to impact while striving to strengthen identity protection controls.

A DayInThis Role:
As a Security Operations Engineer, you will play a pivotal role in improving security within Microsoft. You will work closely with engineering, program management, and business stakeholders to clarify roles, responsibilities, and escalation paths. With minimal guidance, you will work with internal and external parties to push solutions to the environment to address threats and burn down active risk.You will analyze key metrics, key performance indicators (KPIs) and other data sources to identify trends in security issues and drive results or escalate appropriately.This is a unique opportunity to contribute to the safety and integrity of some of the world's most critical assets. When your future direct teammates were asked to describe this team in one word, the results were: Synergetic, Rockstars, Connected, Supportive, Formidable, Impactful, and Empowered.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. Asemployeeswe come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positivelyimpactour culture every day.

• Implement and enforce identity protection controls

• Drive operational execution of IAM security policies (e.g., Conditional Access, MFA, token protection) to reduce lateral movement and credential compromise risks.

• Collaborateon Secure Future Initiative (SFI) objectives

• Partner with engineering and program teams to deliver SFI milestones such as phish-resistant MFA, token protection, conditional access policies, and legacy domain deprecation in productivity tenants.

• Automate andoptimizesecurity workflows

• In partnership with senior engineers and PMs,identifyopportunities for automation and AI-native solutions to reduce manual touchpoints and improve efficiency in tenant governance and isolation processes.

• Analyze telemetry and KPIs to drive risk reduction

• Use data from S360 dashboards, Geneva logs, and other sources to track compliance, detect drift, and report progress against isolation and identity hardening goals.

• Support tenant lifecycle security operations

• Execute secure onboarding, baseline enforcement, and drift correction for auxiliary and ephemeral tenants; ensure alignment with IAM Protect governance standards.

• Partneracross teams for incident response and escalation

• Work with internal stakeholders to push fixes into production environments, burn down active risk, andmaintainreadiness for high-severity incidentsimpactingtenant isolation.

• Embody our culture and values

Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT),ORoperations incident responseORBachelor's Degree in Statistics, Mathematics, Computer Science,ORrelated field AND 2+years' experiencein software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident responseORequivalent experience.