Bachelor’s degree in Statistics, Mathematics, Computer Science, or a related field, with experience in the software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
4–8 years of hands-on experience as a Security Researcher and/or Security Engineer
Designing, building, and operating large-scale enterprise security services solutions using cloud services, C#, .NET, or Java.
Strong understanding of common software vulnerabilities (e.g., OWASP Top 10, CWE Top 25) in languages such as C#, JavaScript/HTML, C++, and C.
Deep knowledge of software security principles, including authentication, authorization, and encryption.
Proficiency in coding, debugging, and root cause analysis of vulnerabilities in cloud services, DevOps platforms, and AI systems.
Excellent written and verbal communication skills.
Good programming skills with expertise in OOP, OOAD, and design patterns.
Ability to work independently and collaborate effectively across global teams.
Good interpersonal skills to communicate complex ideas to diverse stakeholders.
Proven ability to navigate ambiguity and drive clarity.
Demonstrated ability to prioritize, ramp up quickly, and meet tight deadlines.
Preferred Qualifications:
Proficient in cloud platforms such as Microsoft Azure (preferred), AWS, or GCP.
Public track record of vulnerability research and discovery.
Familiarity with cloud service architecture, design, and implementation.
Understanding of enterprise security techniques and best practices.
Experience with Microsoft Entra ID (formerly Azure Active Directory).
Basic scripting skills in PowerShell and experience developing automation modules.
Knowledge of Power BI for designing interactive dashboards and visualizations.
Experience building AI applications to solve enterprise-scale challenges.
Familiarity with modern security models such as OAuth and token-based authentication.
Experience delivering production-grade software or services.
Exposure to agile methodologies and test-driven development (TDD).
Responsibilities
Analyze cloud, DevOps, AI, and emerging product services for security vulnerabilities and enterprise readiness.
Identify and assess the severity and impact of vulnerabilities, including discovering new variants.
Develop tools and innovative techniques to automate vulnerability discovery and analysis.
Analyze vulnerability trends to identify patterns and proactively address risks.
Research, develop, and deploy mitigations for recurring vulnerability patterns.
Conduct security testing, research, and analysis activities.
Collaborate effectively with engineering, product teams, and stakeholders.
Contribute to the broader security research community through knowledge sharing.
Mentor and support the growth of team members and peers across Microsoft.
Foster a healthy, inclusive, and collaborative team culture.
Apply engineering best practices throughout the software development lifecycle to ensure secure, reliable, and maintainable systems.
Collaborate with cross-functional teams to plan and deliver key initiatives.
Embrace a culture of continuous improvement, learning, and innovation.
Design and implement microservices for real-time, scalable, and sustainable solutions.
Provide on-call support and monitor production services as part of a DevOps culture.