The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Security of MSRC team exists to raise the security bar to the highest standard for MSRC tooling and operations, across the systems and workflows that handle vulnerability intelligence. In this role, you will help transform MSRC’s vulnerability management ecosystem into a unified, secure, resilient platform by implementing advanced security controls (including MFA and Zero Trust principles), strengthening information protection protocols, improving monitoring and response, and supporting consolidation of security case management onto IcM as the secure system of record.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

As a Software Engineer II, you will work independently on significant features, own scoped areas end-to-end, and contribute to the health and reliability of live services.
Core Responsibilities
• Build and ship security hardening features for MSRC engineering systems that manage sensitive vulnerability data, including robust defenses, information protection, and need-to-know access controls.
• Improve data governance and access control across fragmented systems and workflows, reducing security and compliance gaps created by distributed data and inconsistent access boundaries.
• Deliver secure workflow improvements on IcM as the single source of truth for security case workflows, including solutions that strengthen auditing, confidentiality, and operational consistency.
• Design, implement, test, and operate production services with strong engineering fundamentals: automated testing, telemetry, monitoring, and live-site readiness.
• Contribute to service operations including incident response, retrospectives/root cause analysis, and on-call rotations aligned to the team’s live service responsibilities.
• Produce clear design and execution artifacts such as scoped specs and design docs that cover implementation, testing, telemetry, and rollout plans; communicate tradeoffs and progress crisply.
• Collaborate in MSRC’s execution model with PMs and technical leads to deliver prioritized work tied to features/epics and participate in code/design reviews with a strong quality mindset.

What Success Looks Like (First 6–12 Months)
• You independently own and deliver one or more meaningful security improvements in a defined area of the MSRC engineering ecosystem, with high quality and measurable operational impact.
• You demonstrate mastery of service health fundamentals: testing, monitoring, releasing safely, and responding effectively when issues arise.
• You improve how the team works by raising engineering quality, reducing operational risk, and contributing to the growth of others through reviews and mentoring.

Required Qualifications:

• Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience.

• 3+ years of proven experience building and shipping production software, including designing, coding, testing, debugging, and maintaining services.
• Demonstrated ability to work independently on significant scoped features and make sound technical decisions within a feature area.
o Experience applying engineering fundamentals to live services: automated testing, telemetry/monitoring, operational readiness, and structured incident learnings.
• Strong collaboration and communication skills, including participating in code and design reviews and partnering with cross-functional stakeholders.

Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

As stated in the job posting, this position requires verification of citizenship or other
protected status to meet legal requirements of the role. [Insert either the US or Non-US
statement here]. Can you meet the requirement stated in the job description?”
▪ US: If the role requires US citizenship, as indicated in the job description, a valid
US passport must be provided to verify your citizenship. If the role requires US
Person status, as indicated in the job description, US citizens must provide a valid
US passport for verification while lawful permanent residents, refugees, and
Classified as Microsoft Confidential
asylees may complete this verification using green cards or other status
documents, as applicable

Preferred Qualifications:

• Experience building security-sensitive systems or working with highly confidential data and strict access control requirements.
• Experience implementing or operating security controls such as MFA-aligned flows, Zero Trust patterns, and information protection safeguards in enterprise systems.
• Experience improving workflow consistency and operational excellence through system consolidation and improved auditing/traceability.
• Interest in continuous improvement of engineering practices, including deployment quality, safe velocity, and operational excellence.

Software Engineering IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.