Key skills
PythonCSQLPowerShellAnalyticsAzureIAMAzure ADEntra IDRisk ManagementCommunicationProblem SolvingCollaboration
About this role
Microsoft is a leading enterprise service company focused on securing digital technology platforms and clouds. The Senior Security Operations Engineer in IAM Protect is responsible for protecting Microsoft's identity infrastructure by detecting, investigating, and mitigating identity-related security risks.
Responsibilities:
- Own defined IAM security operations problem spaces (e.g., privileged access misuse, tenant isolation gaps, application and service identity risk, conditional access enforcement)
- Lead investigations into identity‑related security signals, alerts, and escalations, determining root cause, impact, and appropriate mitigation plans
- Drive containment and remediation actions in partnership with incident response, IAM engineering, and security partners
- Analyze IAM telemetry, alerts, KPIs, and incident data to identify abnormal behavior, control gaps, and emerging risk patterns
- Improve detection quality by reducing noise, tuning thresholds, and validating coverage against known attack paths and threat intelligence
- As needed, participate in incident response, including triage, mitigation, post‑incident analysis, and follow‑up actions to prevent recurrence
- Translate ambiguous security findings into concrete operational actions, engineering asks, or policy recommendations
- Partner with TPMs and engineering teams to ensure security requirements are operationally viable and enforced at scale
- Validate that mitigations and controls are effective through data, telemetry, and follow‑up verification
- Identify opportunities to automate repetitive security operations workflows and reduce manual touchpoints
- Contribute to improvements in tooling, data pipelines, and operational processes that increase reliability and scalability
- Leverage data and metrics to prioritize work and demonstrate risk reduction impact
- Work closely with IAM engineering, Security TPMs, insider risk, compliance, and other security teams to align on response paths and ownership
- Provide operational input into program and design discussions to ensure security controls are practical and durable
- Share findings, patterns, and lessons learned to improve collective understanding of identity‑related risk
- Perform post‑incident and post‑investigation analysis to identify systemic issues and improvement opportunities
- Contribute to documentation and knowledge sharing to improve team readiness and consistency
- Mentor junior engineers through collaboration, review, and shared problem solving
Requirements:
- Doctorate in Statistics, Mathematics, Computer Science, or related field
- OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
- OR equivalent experience
- Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role
- These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
- Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations
- As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information
- To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport
- Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable
- Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions
- Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law
- Bachelor's degree (or equivalent experience) in Computer Science, Cybersecurity, or related field
- Scripting or automation experience (PowerShell, Python, SQL, KQL, etc.)
- Experience in security operations, incident response, or IAM engineering
- Experience with vibe-coding
- Experience with agent creation and management
- Experience with cloud IAM platforms (Azure AD, Entra ID, etc.) and enterprise risk management
- Experience managing the lifecycle and security posture of applications within an enterprise tenant
- Familiarity with SIEM, SOAR, and security automation tools
- Proficient analytical, troubleshooting, and communication skills
- Ability to influence without authority and drive results in a matrixed environment
- Experience in large-scale enterprise or cloud environments