As a Security Engineer - Identity at Microsoft, you will play a pivotal role in safeguarding Microsoft’s identity infrastructure and the security of its customer-facing services. In today’s fast-evolving cyber threat landscape, identity management is one of the most critical areas of focus for securing both internal and external systems. You will join the Identity Product Security team, which works at the forefront of cybersecurity, directly influencing how Microsoft secures identity systems across its global platform..
Responsibilities. As a Security Engineer - Identity, your key responsibilities will include
- Conduct thorough security assessments of identity-related systems and services to identify vulnerabilities and potential threats.
- Analyze unexploited vulnerabilities and collaborate with response teams to protect Microsoft’s infrastructure and customer data.
- Assist in investigating security incidents, reviewing root causes, and helping to implement lessons learned.
- Work closely with other security teams, such as MSTIC (Microsoft Threat Intelligence Center), MSRC (Microsoft Security Response Center), M365, Azure, and Xbox, to strengthen security and mitigate risks.
- Provide subject-matter expertise for bug bounty issues, incident response, and security concerns related to Microsoft Identity products.
- Drive the development and implementation of automated security processes to scale response efforts efficiently.
- Identify and create new security workflows to streamline operations and improve the detection, investigation, and resolution of vulnerabilities.
- Stay up-to-date with the latest trends in identity security, threat intelligence, and security innovations.
- Work with engineering teams to identify patterns and new data classes of security threats and vulnerabilities that could impact identity systems at scale.
- Collaborate with senior team members to receive guidance and support on complex security issues.
- Provide mentorship to junior members of the team and promote a culture of continuous learning and improvement.
- Ensure thorough documentation of security incidents, incidents’ root causes, and mitigation strategies.
- Report findings to both technical and non-technical stakeholders, ensuring clarity and actionable insights.
Qualifications
- 4+ years of experience in cybersecurity, with a strong focus on identity systems, anomaly detection, or security in large-scale environments.
- Expertise in Python, SQL, C#, or C++ for security automation, vulnerability analysis, and tool development.
- Strong problem-solving and analytical skills, with the ability to assess complex security systems and implement solutions to mitigate risks.
- Familiarity with the software development lifecycle and understanding of how security fits into the development and deployment process.
- Proven experience working with identity systems, security incident response, or threat intelligence.
Preferred
- Experience with Microsoft identity products like Entra, Azure Active Directory, or other cloud-based identity management solutions.
- Consultancy or client-facing experience is a plus, as well as a demonstrated ability to provide security guidance to external or internal stakeholders.
- Security certifications (CISSP, CISM, CEH, etc.) are advantageous but not required.
Work Environment. At Microsoft, we value a culture of innovation, growth mindset, and collaboration. You’ll be part of a team that works in a hybrid environment, giving you the flexibility to work both remotely and on-site. This position offers a great opportunity for growth in the cybersecurity space, with direct impact on improving security for both internal and customer-facing Microsoft services.
Microsoft’s Commitment to Diversity & Inclusion. Microsoft is an equal opportunity employer. We believe in fostering an inclusive workplace where every individual feels valued. We encourage people of all backgrounds to apply and offer reasonable accommodations during the application process to ensure equal access for all applicants.