Microsoft Security aspires to make the world a safer place by reshaping security and empowering users, customers, and developers with a security cloud. The NEXT team is building the next generation of AI-native security products to address evolving digital threats and complexity.
Requirements
- Proficiency in C-Sharp/.NET and Python, API/microservice design, testing, and code quality practices
- Experience building on Azure, including but not limited to AKS, Container Apps, Functions, or App Service; plus Storage/Cosmos/SQL/ADX, Service Bus/Event Hubs, Key Vault, Managed Identity; basic networking
- Experience with distributed systems fundamentals: concurrency, messaging, resilience patterns, performance, and telemetry/observability
- Experience with CI/CD and infrastructure-as-code experience (GitHub Actions/Azure DevOps; Docker/Kubernetes; Bicep/Terraform)
- 2+ years working with Machine Learning (ML)/Artificial Intelligence (AI) systems (e.g., Large Language Models (LLMs)/Generative AI (GenAI), retrieval/Retrieval-Augmented Generation (RAG), model serving, experimentation platforms, data pipelines) including establishing evaluation metrics and improving model quality.
- Security domain exposure (SIEM/SOAR/XDR/EDR, incident response, threat intel) and KQL/Azure Data Explorer
- Agentic AI in production: tool orchestration, permissions/policy checks, and human-in-the-loop approval workflows
Responsibilities
- Design, build, and operate AI-powered cloud services and APIs in Azure using C-Sharp/.NET and Python (AKS, Container Apps, Functions, App Service)
- Implement LLM/RAG/agentic workflows: retrieval, grounding, function/tool calling, and safe automation for investigation and remediation with human-in-the-loop controls
- Build data and indexing pipelines: embeddings, vector search (Azure AI Search, Cosmos DB vector, Postgres+pgvector), and connectors to Microsoft security data (Defender, Sentinel) and ADX/Kusto
- Add evaluation, safety, and observability: golden datasets, automated regressions, prompt/response guardrails and content filters, prompt-injection/jailbreak defenses, metrics/dashboards/alerts
- Optimize inference and service performance/cost: batching, caching, streaming, model selection/routing, multi-region deployment, and fallback strategies
- Ship securely: threat modeling, least-privilege access, Managed Identity/Key Vault, encryption, data minimization, consent/policy enforcement, and audit logging
- Own CI/CD and IaC: GitHub Actions or Azure DevOps; Docker/Kubernetes; Bicep/Terraform; canary/ring deployments, safe rollbacks; participate in on-call and improve SLOs
Other
- Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- End-to-end owner: you build it, you run it—from prototype to reliable production service
- Security-first and responsible AI by default: privacy, safety, and compliance built into designs and code
- Pragmatic builder: chooses the simplest approach that meets reliability and safety bars; automates where it matters
