Security Operations Engineering

Hyderabad, Telangana, India

Microsoft


Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions.

 

The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Security is the foremost concern for Microsoft and our customers in a world increasingly challenged by digital threats, regulatory demands, and estate complexity.

 

 

The Microsoft Security organization accelerates Microsoft’s mission to ensure that our company and industry effectively secure digital technology platforms, devices, and clouds across our customers’ diverse environments, as well as our own internal systems.

 

Within Microsoft Security, the CISO organization is dedicated to defending the Microsoft estate and protecting our customers and partners who rely on it. Our approach is reinforced by the Microsoft Secure Future Initiative (SFI), a company-wide effort to evolve how we design, build, test, and operate our products and services to achieve the highest possible standards for security. Our strategy is anchored in stopping adversaries through the integration of advanced threat intelligence, proactive threat hunting, rock solid operations, sustainable governance, and the facilitation of automation and augmentation with AI to anticipate, detect, and neutralize even the most sophisticated attacks.

 

 

We cultivate a culture focused on growth, excellence, and empowering our teams and leaders to perform at their highest level, leading to innovations that impact billions of lives around the world.

We are seeking a Security Incident Commander to manage cybersecurity incidents driven by Microsoft’s Cyber Defense Operations – Operations Hub. The Operations Hub is the centerpiece of the Defense Operations organization and is responsible for cybersecurity incident coordination, cross-organizational communications, oversight and monitoring across Defense Operations, and continuous improvement of Defense Operations processes.

 

With the continued evolution of the external threat landscape, Microsoft continues to be a prime target for a variety of threat actors and experiences an increasing number of attempts to breach its defenses. In this role, you will lead cross-functional incident response coordination for high complexity and large-scale security events. You will ensure incidents are managed effectively by tracking the progress of incident response activities so that response efforts move at pace with clear milestones defined, and that risk and progress are communicated accurately to all relevant stakeholders.

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

Core Responsibilities: 

  • Continuously identify and engage the appropriate stakeholders throughout the entirety of a security incident and ensure stakeholder teams are operating according to their Service-Level Agreements (SLAs).
  • Facilitate or escalate decisions and critical blockers to leadership throughout the response, as needed to ensure that the security incident response is moving forward with appropriate pace. Maintain the general response timeline and facts of the security incident throughout response events.
  • Assess escalated cases to confirm an incident’s severity, risk, and impact using details outlined in established procedures. Activate the incident response process outlined in formal procedures when the criteria are met.
  • Lead Security Incident Response Team meetings per the procedures outlined in formal playbooks. Determine when and how to de-escalate the response by using the processes defined in formal documentation. Participate in the development and implementation of standardized procedures for coordinating large-scale adversary cybersecurity.
  • Build strong partnerships across defense, engineering, governance, compliance and security teams to enable timely incident coordination.
  • Participate in the creation of metrics and reporting to measure the effectiveness of incident coordination, identifying and addressing gaps or inefficiencies. Participate in process improvements, best practices, and automation opportunities to enhance the methods by which incidents are coordinated and related information is communicated across the organization.
  • Ensure alignment with broader cybersecurity strategies, compliance requirements, and industry standards. In this role, you will also handle communications in a timely manner with clear ownership and resolution, and drive continuous improvement to ensure our Cyber Defense Operations function remains agile, efficient, and at the cutting edge of threats and challenges.

Qualifications

  • 5+ years of experience in coordinating any one of the following fields: modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), incident response, IT operations, or governance roles with a focus on cybersecurity incident response or crisis management processes.
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent experience.
  • Understanding of the incident response lifecycle, including the processes and technologies that assist with incident response. Ability to design and implement operational processes and standards along with analytical skills with the ability to synthesize multiple and complex threads.
  • Communication and collaboration skills to drive alignment across multiple teams and stakeholders and to keep executives informed and aware of important topics.

 

Preferred Qualifications:

 

  • Previous experience working in high scale, cloud architecture environments. Proven ability to operate effectively in high-pressure environments with a sense of urgency and accountability. Excellent verbal and written communication skills, including the ability to distill complex information for diverse audiences.
  • Strong problem-solving and decision-making abilities, with a focus on driving resolution and minimizing impact. Experience working within a large, complex enterprise environment or with global incident response teams.
  • Familiarity with incident management tools, SIEM platforms, or case management systems. Knowledge of cloud security principles and technologies (e.g., Azure, AWS, GCP). Experience with post-incident analysis, including root cause analysis and implementation of corrective actions.
  • Proficiency in creating and delivering executive-level presentations and reports.

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Tags: Agile Analytics Automation AWS Azure CISO Cloud Compliance Computer Science Cyber defense GCP Governance Incident response Monitoring SIEM SLAs SOC Strategy Threat intelligence

Perks/benefits: Medical leave Startup environment Team events

Region: Asia/Pacific
Country: India
