Principal Security Incident Response Manager

The Microsoft Security Response Center is looking for a talented Security Response Manager to lead the M365 Security response team. Microsoft 365 brings together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations, whether it be a Fortune 100, small business, non-profit, educational institution, or the US Government. Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services.
We are seeking a leader to help us grow our team of expert security engineers to protect our customers against all threats by delivering & managing effective security incident response. Your passion in leading people, security, comfort with ambiguity, and consistent exceptional performance under high pressure will be critical in helping us successfully achieve our mission. This team will leverage billions of signals across our services (Office 365, AAD, MDATP, etc.), cutting edge threat research, state of the art ML/AI, and human expertise to ensure threats are stopped before they infect user machines or any of our service infrastructure. This leadership position requires deep domain knowledge in incident management, security operations, and the capability to lead a globally distributed team of experts.
#MSRC
#MSFTSecurityResponsibilitiesIn this role you will work to help identify risks to the M365 business and customers. You will investigate and respond to issues, extract learnings from incidents, and partner with peers to improve prevention, detection, and response mechanisms in the future. These responsibilities include:

• Build and lead a team of talented security responders, working closely with investigators and security engineering across M365 (e.g. Office ATP, Office 365, AAD and MDATP) as well as across Microsoft Security(Azure, Corporate Security, etc)
• Provide exemplary leadership in an exceptionally challenging and rewarding environment
• Lead and coordinate the response and recovery activities from information security incidents, and manage function-related business processes
• Partner across the company's security experts and build relationships with key stakeholders that can improve our security practices and response capabilities.
• Manage activities across all issues throughout the incident lifecycle.
• Work with other internal and external teams to forge new and improve existing partnerships that help improve our products and experiences for all customers.
• Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products
• Innovate processes, create strategies and work with partner teams to promote efficiency and standardization.
• Ensure excellence through regular training and learnings.
• Drive learnings into our products to protect all our customers
• Build metrics and KPI for existing projects to monitor progress. This includes creating reports, executive summaries, and updates for leadership team.

QualificationsRequired Qualifications:

• 7+ years working in information security (infosec, SecOps, security PM, analyst, researcher, etc.) field.
• Proven team leadership and people management capabilities with at least 5+ years of experience managing a security team over time with responsibilities across engineering, security operations, and/or cybersecurity investigations.
• Experience growing a team, building talented high performers, and a track record of delivering outstanding results as a TEAM.
• Excellent communication skills and situational awareness. You will be working closely with other product group engineers across Microsoft as well as customer engineers and system administrators
• Deep understanding of Security Operations Center and Security Incident Response Team processes and procedures.
• Understanding of various attack vectors, threat tactics and attacker techniques ranging from APTs, Malware, DDoS, Exploits, etc.
• Proven success driving change based on learnings from incidents: Post Incident Reviews (PIR) / After-Action Reports / Post-Mortems, etc.
• Desire to work in a continuous learning environment where responsibilities are matrixed across various peer teams, and where new challenges will come in each day that need to be solved with innovating thinking.
• Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques, etc.
• Familiarity with various attack and detection frameworks like MITRE, Diamond Model, etc.
• Ability to work effectively in ambiguous situations and respond favorably to change.

Preferred Qualifications:

• Knowledge in detection technologies and methodologies
• Deep and practical OS security/internals knowledge
• Experience working on security investigations in cloud services and understand the nuances of supporting cloud service investigations vs host/endpoint based.
• Experience in dealing with big data problems and excellent skills in data analytics with a focus on security Excellent interpersonal skills.
• Good knowledge of kill-chain model, ATT&CK framework, and modern red team tactics and techniques.
• Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are a plus.

Microsoft Cloud Background Check: This successful candidate to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year.
There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $173,200 - $282,200 per year.
Security Operations Engineering M6 - The typical base pay range for this role across the U.S. is USD $158,500 - $276,600 per year.
There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $202,800 - $304,200 per year.
Microsoft has different base pay ranges for different work locations within the United States, which allows us to pay employees competitively and consistently in different geographic markets (see below). The range above reflects the potential base pay across the U.S. for this role (except as noted below); the applicable base pay range will depend on what ultimately is determined to be the candidate's primary work location. Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills. Base pay ranges are reviewed and typically updated each year. Offers are made within the base pay range applicable at the time.
At Microsoft certain roles are eligible for additional rewards, including merit increases, annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee's role. Benefits/perks listed here may vary depending on the nature of employment with Microsoft and the country work location. U.S.-based employees have access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, wellbeing benefits, paid vacation time, paid sick and mental health time, and several paid holidays, among others.
Our commitment to pay equity
We are committed to the principle of pay equity - paying employees equitably for substantially similar work. To learn more about pay equity and our other commitments to increase representation and strengthen our culture of inclusion, check out our annual Diversity & Inclusion Report. ( https://www.microsoft.com/en-us/diversity/inside-microsoft/annual-report )
Understanding roles at Microsoft
The top of this page displays the role for which the base pay ranges apply - Security Operations Engineering M5, Security Operations Engineering M6.
The way we define roles includes two things: discipline (the type of work) and career stage (scope and complexity). The career stage has two parts - the first identifies whether the role is a manager (M), an individual contributor (IC), an admin-technician-retail (ATR) job, or an intern. The second part identifies the relative seniority of the role - a higher number (or later letter alphabetically in the case of ATR) indicates greater scope and complexity.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.