How long is "enough" at first cybersecurity role? (Application Security)

After graduating as a bachelors, I landed a role in application security at Microsoft in security engineering and have been there for about one year and a half. I work on code review, helping developers threat model, and also do a bit of security testing.

I still feel like I'm drinking from the firehose, but if I want to entertain other offers, is this too fast?

If I do make the choice, I still want to work while spending a …

application application security code code review cybersecurity developers engineering helping microsoft review role security security engineering security testing testing threat threat model work