Connecting people I'd hire with companies I'd work at

Matt Wallaert
companies
Jobs
Search 
jobs
Explore 
companies
Join talent network
Talent
My job alerts

Cloud Network Security Engineer

Microsoft

Microsoft

Bellevue, WA, USA
USD 119,800-234,700 / year
Posted on Feb 5, 2026
Apply now
Overview

A Cloud Network Security Engineer is focused on Azure networking is responsible for designing and securing cloud-native network architectures that support highly available, automated, and mission‑critical workloads. They serve as a subject matter expert for Azure network security services, integrating telemetry and platform capabilities to enable cohesive monitoring, alerting, and analytics across the security ecosystem. This role drives operational excellence by automating deployments and workflows, proactively maintaining platform health, and responding to cloud-based network threats. The engineer continuously improves service quality using data‑driven insights and aligned cloud change-management practices.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.



Responsibilities
  • Design and secure Azure cloud network architectures supporting highly available, fully automated workloads.
  • Act as the SME for Azure network security services, advising engineers, developers, analysts, and penetration testers.
  • Integrate Azure network services and logs with broader security platforms and cloud‑native big‑data systems to enable monitoring, alerting, and analytics.
  • Operate and manage large‑scale cloud network security services, including incident investigation, threat response, and continuous service reliability improvements.
  • Automate deployments, configuration updates, and operational workflows using scripting, infrastructure‑as‑code, and AI‑driven solutions.
  • Maintain overall platform health through proactive troubleshooting, monitoring, telemetry analysis, and continuous improvement of cloud network coverage.
  • Execute cloud service deployments and upgrades in alignment with change management processes while driving service quality through data‑driven insights.


Qualifications
Required Qualifications:
  • Doctorate in Cyber Security, Data Science, Mathematics, Computer Science, or related field
    • OR Master's Degree in Cyber Security, Data Science, Mathematics, Computer Science, or related field AND 3+ years experience in one or more of the following:
      • Cloud security engineering (Azure, AWS, or GCP)
      • Cloud networking and network security (VNETs, firewalls, routing, segmentation, Zero Trust network controls)
      • Secure cloud architecture or zero‑trust design
      • Threat modeling for cloud-native services
      • Cloud identity & access management (IAM), RBAC, or conditional access
      • Infrastructure‑as‑Code (IaC) security (e.g., Bicep, Terraform)
      • Cloud workload protection, CSPM, CWPP
      • Cloud threat detection, anomaly detection, or behavioral analytics
      • Security monitoring and incident response for cloud environments
      • SIEM/SOAR for cloud logs and telemetry
      • Detection engineering for cloud platforms
      • Leveraging AI/ML for data analytics, cloud threat detection, and automated cloud, network or security tasks
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in one or more of the following:
      • Cloud security engineering (Azure, AWS, or GCP)
      • Cloud networking and network security (VNETs, firewalls, routing, segmentation, Zero Trust network controls)
      • Secure cloud architecture or zero‑trust design
      • Threat modeling for cloud-native services
      • Cloud identity & access management (IAM), RBAC, or conditional access
      • Infrastructure‑as‑Code (IaC) security (e.g., Bicep, Terraform)
      • Cloud workload protection, CSPM, CWPP
      • Cloud threat detection, anomaly detection, or behavioral analytics
      • Security monitoring and incident response for cloud environments
      • SIEM/SOAR for cloud logs and telemetry
      • Detection engineering for cloud platforms
      • Leveraging AI/ML for data analytics, cloud threat detection, and automated cloud, network or security tasks
    • OR equivalent experience.

Other Requirements:

  • Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport.

  • Microsoft Cloud Background Check:
    • This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • 5+ years experience securing cloud environments (Azure preferred, AWS/GCP acceptable).
  • Experience designing or reviewing secure cloud network architectures (VNETs, Private Endpoints, firewalls, segmentation, routing, DNS, Zero Trust network patterns).
  • Experience with cloud-native security controls including Microsoft Defender for Cloud, Defender for Identity, Defender for Endpoint, and Microsoft Entra ID.
  • Hands-on experience with IaC security (Terraform, Bicep), CI/CD security, and DevSecOps pipelines.
  • Experience with threat detection engineering, cloud telemetry analysis, or building detections for SIEM/SOAR platforms.
  • Strong knowledge of network security fundamentals (firewalls, packet inspection, TLS/SSL, VPN, IPS/IDS, SASE, Zero Trust).
  • Experience with incident response in cloud or hybrid environments.


Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay


This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Apply now
See more open positions at Microsoft
Privacy policyCookie policy