What you'd actually do

Identifies security issues within assigned areas and proposes mitigation steps, escalating complex or high-impact risks as needed.

Supports implementation of mitigation, response, and remediation activities using established tools, guidelines, and best practices.

Investigates, diagnoses, and triages security incidents with minimal guidance, following defined incident response processes.

Contributes to incident management, including stakeholder communication and postmortem/root cause analysis.

Participates in security reviews (e.g., architecture, design), documents findings, and collaborates on remediation plans.

Skills

Required

Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.

Nice to have

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
Experience with relevant security research along with relevant CVEs (if available) ideally in browser vulnerability discovery.
Experience with writing basic exploits for native or web applications.
Development and deployment of fuzz testing and/or static analysis software.

Overview

The Microsoft Edge Browser Security Team is responsible for securing Edge client code. Our work broadly fits into three distinct categories: Engagement, Proactive, and Reactive security. We work closely with developers, engaging with them to ensure principals such as defense in depth and secure by default are architected into everything we do. Additionally, we perform proactive vulnerability research and analysis at scale to highlight high risk attack surfaces and identify security bugs before hackers do. Finally, we ensure that our reactive response flows are monitored and maintained, tracking reports from external finders, and working with threat intelligence teams to stop active threats to our customers. Throughout all of this, you will work with our industry partners to contribute security improvements to the Chromium project to make the web safer for everyone.

As a Security Engineer II in Edge Browser, you will be expected to have knowledge and experience of cybersecurity principals. Ideal candidates will have or quickly obtain a technical knowledge of code audit, fuzzer development, crash analysis and web security. Successful candidates will demonstrate the ability to adopt an adversarial mindset, finding creative ways to break assumptions, identify gaps, and bypass security functions. It is highly beneficial to also have a deep understanding of security fundamentals, computer science skills, and a passion for keeping Microsoft’s customers safe.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50- mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Responsibilities

Identifies security issues within assigned areas and proposes mitigation steps, escalating complex or high-impact risks as needed.
Supports implementation of mitigation, response, and remediation activities using established tools, guidelines, and best practices.
Investigates, diagnoses, and triages security incidents with minimal guidance, following defined incident response processes.
Contributes to incident management, including stakeholder communication and postmortem/root cause analysis.
Participates in security reviews (e.g., architecture, design), documents findings, and collaborates on remediation plans.
Applies secure design and development best practices across feature areas to reduce vulnerabilities and improve resilience.
Assists in monitoring and responding to security events, vulnerabilities, and compliance issues, escalating as appropriate.
Contributes to operational security efforts and helps identify opportunities to improve security posture.
Partners with others to implement solutions for defined security problems and improve existing tools and processes.
Collaborates across teams, incorporates customer and partner feedback, and continuously builds expertise in security technologies and practices.

Qualifications

Required Qualifications:

Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
- OR equivalent experience.

Other Requirements: Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:

**Microsoft Cloud Background Check: **This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
- OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
- OR equivalent experience.
Experience with relevant security research along with relevant CVEs (if available) ideally in browser vulnerability discovery.
Experience with writing basic exploits for native or web applications.
Development and deployment of fuzz testing and/or static analysis software.

#MicrosoftAI #EdgeVR #EdgeSecurity

Security Research IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about **requesting accommodations.**