Microsoft – Director of Security Operations & Incident Response

Redmond, Washington, United States

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

The Digital Security and Risk Engineering (DSRE) team is looking for a Principal Service Engineering Manager leader for the Director of Security Operations and Incident Response role in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team, you will have the opportunity to lead and work with top talent and some of the newest technologies, and to shape security best practices at the company. The Director will be responsible for all aspects of security operations and incident response for the Microsoft corporate network and will lead both proactive and defensive actions to protect, detect, and respond in partnership with other security, privacy, incident, and crisis teams across the Microsoft enterprise. You will communicate with a wide range of stakeholders and executives to explain complex issues, potential risks, and adversary tactics, techniques, and procedures (TTPs). The role requires an in-depth understanding of cloud technologies, information security, and enterprise-scale services.

The ideal candidate will be able to effectively manage multiple incidents, lead global team activities and deliverables, coordinate with a diverse set of partners and stakeholders, and contribute to executive communications to leaders across Microsoft. The Leader will also be responsible for attracting and retaining industry-leading talent, developing long-term workforce plans, and driving continuous improvements into the program.



  • Direct Microsoft Security Operations Center and Computer Security Incident Response Teams
  • Curate a world class security monitoring and threat detection/response team with a relentless focus on innovation and automation
  • Coordinate incident response and crisis management activities with Microsoft partner security and privacy incident response teams through co-leadership of Microsoft’s Cyber Defense Operations Center
  • Develop, encourage, and coach a wide range of personnel with diverse technical skills and experiences.
  • Develop and implement response plans for enterprise scale services, production, lab, and information worker environments.
  • Ensure cyber security incident response plans and activities are following applicable laws, statutes, and compliance requirements.
  • Execute compartmented incident response activities as needed.
  • Use problem management to drive continuous improvement in incident processes and identify/share best practices across the incident response community.
  • Communicate the business value of the security operations and incident response program to executive stakeholders
  • Communicate status, results, and summaries of security incidents to executive leaders
  • Execute tabletop exercises across diverse business areas and geographies to ensure operational readiness
  • Provide monthly incident summary and service health review reporting for executive stakeholders


Basic Qualifications:

  • A minimum of a Bachelor's degree in Digital Security, Information Technology, Information Assurance, Computer Science, or a related field, or equivalent alternative education, skills, and/or practical experience is required.

Preferred Qualifications:

  • Demonstrated organizational, written and oral communication, negotiation, and management skillset
  • Strong ability to operate successfully in ambiguous situations
  • 10+ years of experience in incident/crisis management at a state, federal, or major corporate level
  • Experience acting as an incident commander at a state, federal, or major corporate level
  • Ability to gather stakeholder feedback and incorporate that into strategies that support business outcomes
  • Ability to operate successfully across geographies, jurisdictional boundaries, and organizational structures
  • Demonstrated success as a leader of a highly collaborative team
  • After hours escalations and on-call responsibilities can be expected



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
