Security Operations Engineer II na Microsoft Corporation

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Identity & Access Management (IAM) Protect team within the CISO organization is seeking a motivated Security Operations Engineer to join our Identity Operations team. This role is focused on driving operational excellence across Microsoft Identity services, providing DRI and on-call support for production systems, and building automation to reduce undifferentiated operational work and improve reliability. The engineer will emphasize first-contact resolution, shift-left practices, and deep root-cause analysis to minimize customer disruption, while channeling operational insights and customer feedback back into IAM service teams to continuously improve reliability and experience. The ideal candidate brings foundational identity knowledge, strong analytical skills, and a passion for growing into an Identity engineering role, with an interest in leveraging AI-assisted insights to advance operational maturity over time.

Responsibilities

• Participate in the on-call rotation as a Designated Responsible Individual (DRI), providing dependable and timely operational support for identity services.

• Deliver day-to-day security operations support across Microsoft Entra ID and Azure Active Directory, including authentication, authorization, and directory services.

• Execute identity lifecycle operations such as access provisioning and deprovisioning, group and role management, and access governance activities.

• Troubleshoot and resolve identity-related incidents, including MFA and Conditional Access failures, SSO and token issues, service principal misconfigurations, device join problems, and directory synchronization errors.

• Monitor service health, identity logs, and alerts to proactively identify issues and maintain service reliability and security compliance.

• Investigate, triage, and mitigate production incidents with clear communication, accurate diagnosis, and timely resolution to minimize customer impact.

• Contribute to root-cause analysis and post-incident reviews, supporting follow-up actions to reduce repeat incidents.

• Develop and maintain scripts and basic automation to streamline identity operations, improve first-contact resolution, and reduce manual and repetitive work.

• Assist in building self-service and preventative solutions such as identity health checks and policy drift detection.

• Identify recurring operational issues and collaborate with engineering partners to implement automation-first improvements that reduce operational noise and incident volume.

• Work in scheduled shift and on-call rotations to provide continuous operational support for identity services.

Qualifications

• 6+ years of experience in security operations, IT operations, technical support, or engineering roles supporting production systems.

• Strong understanding of identity and access fundamentals, including authentication and authorization protocols (OAuth 2.0, OIDC, SAML, certificate-based authentication) and common token flows.

• Hands-on experience with Microsoft Entra ID / Azure AD, including MFA, Conditional Access, session controls, Privileged Identity Management (PIM), and identity lifecycle operations.

• Experience supporting directory synchronization and device identity, including Entra Connect or Cloud Sync, Azure AD joined, hybrid joined, and registered devices, and how device posture influences Conditional Access.

• Working knowledge of application identity, including app registrations, delegated and application permissions, consent flows, API scopes, and identifying common configuration issues.

• Ability to analyze identity logs and telemetry, such as sign-in, audit, token, and provisioning logs, using tools like the Azure portal, KQL, Graph Explorer, Azure Monitor, or IcM.

• Demonstrated troubleshooting and automation mindset, with experience scripting or building basic automation to reduce manual work, improve support quality, and collaborate effectively with engineering and security teams.

Preferred Qualifications

• Hands-on experience administering Microsoft Entra ID / Azure Active Directory.

• Working knowledge of automation tools and source control, including Git/GitHub and CI/CD pipelines.

• Familiarity with monitoring and incident management tools such as Azure Monitor, Kusto, Grafana, and IcM.

• Strong interest in service reliability, operational discipline, and improving production support quality.

• Practical scripting experience using PowerShell and/or Python.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations. (https://careers.microsoft.com/v2/global/en/accessibility.html)