Principal Security Operations Manager

Redmond, Washington


Employer: Microsoft
Industry: Security Engineering
Salary: $137600 per year
Job type: Full-Time

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Join the dynamic and high-impact M365 Core Security team as a Principal Security Operations Manager on our cutting-edge Assume Breach Eviction and Response team. Our mission is to safeguard Microsoft 365 by identifying, mitigating, and responding to sophisticated security threats. For the Eviction and Response team, we are looking for a Principal Security Operations Manager to be at the forefront of driving comprehensive security responses, focusing on identifying risks, orchestrating eviction strategies, and automating processes to enhance our security posture.

The Eviction and Response team is dedicated to tackling advanced security events with a proactive and offensive mindset. We operate under the Assume Breach philosophy, anticipating potential breaches and responding swiftly to neutralize threats. Your role will involve collaborating closely with security engineers, incident responders, and developers to craft and implement manual and automated eviction strategies, ensuring that our systems are resilient against the ever-evolving threat landscape. If you are passionate about cybersecurity, have a knack for strategic problem-solving, and thrive in high-stakes environments, this is your opportunity to make a significant impact on the security of millions of users worldwide. Join us and be a part of the team that sets the standard for security response in the cloud.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities:

  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Identify attacker tools, tactics, and procedures to develop indicators of compromise
  • Responding to security incidents as analyst and investigator
  • Provide direct feedback to both development teams and product groups for continued product improvements.
  • Troubleshoot issues related to the deployment of security tooling.
  • Threat Containment
  • Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats.
  • Other
    • Embody our Culture and Values


Qualifications:

Required Qualifications:
  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), and information technology (IT) operations
    • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.

  • 3+ years people management experience.

  • Experience conducting forensic investigations involving the collection and analysis of data from Microsoft cloud products
  • Experience with Kusto Query Language or similar database query language for manipulating data
Other Requirements:
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
  • 9+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection

  • OR Doctorate in Statistics, Mathematics, Computer Science or related field.

  • 5+ years people management experience.

  • 2+ years leading a security function (e.g., Security Operations Center [SOC], threat and vulnerability management [TVM]).

  • Ability to take a risk-based approach when hunting through large datasets, including the ability to generate targeted recommendations based on those findings depending on the overarching incident, and to raise time-sensitive remediation actions when appropriate
  • Experience Threat Hunting in both reactive incident response scenarios to identify initial access, lateral movement, persistence mechanisms, staging and exfiltration, and impact, and proactive scenarios to identify opportunities to reduce unnecessary risk, improve overall maturity, or evidence of an undiscovered compromise
Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until August 26, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#M365Security #MSFTSecurity

Created: 2024-08-27
Reference: 1755010
Country: United States
State: Washington
City: Redmond

