Senior Security Research Manager

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Do you want to lead a team of highly motivated world-class security engineers responsible for researching security issues across Microsoft products. You'll lead the Microsoft Security Response Center Vulnerabilities and Mitigations Team (MSRC V&M) Team as a Senior Security Research Manager, exploring new ways to find, eradicate, and prevent security flaws in our codebase. You'll have the opportunity to work across Microsoft with developers, pen testers and security personnel to get ahead of those that wish to do harm to our customers. This is a unique opportunity to impact every major product that Microsoft has running and learn to solve security at the scale and complexity of Microsoft. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.  Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

People Management  

• Managers deliver success through empowerment and accountability by modeling, coaching, and caring. 

• Model - Live our culture; Embody our values; Practice our leadership principles. 

• Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn. 

• Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others. 

 

Conducting Research 

• Allocates resources of team to ensure efforts are dedicated to prioritized Security Research efforts within scope of responsibility. Directs team to research highest priority security issues and to fully investigate cause, motivation, and impact. Collaborates across teams to appropriately address and mitigate issues. Ensures feedback loops are active and inform future research efforts. 

• Directs teams in synthesizing research results into recommendations to improve or mitigate security issues. Advocates for adoption of recommendations. Collaborates across teams as needed. Drives change within team based on research findings. Encourages team to contribute to professional community through publications. 

• Ensures work of the team upholds standards of analysis and design. Recognizes and conveys the impact of security problems and threats. Evaluates and makes improvements to insights generated by analyses. Recognizes and prioritizes systemic issues to address. Provides clarity to team on strategic direction and priorities. 

• Guides team to define prioritization and validation methods for technical indicators. Ensures team synthesizes threat data to generate trends, patterns and insights that align to intelligence requirements or customer requests. Reviews findings and identifies nuanced variants. Leads team to develop tools to automate analyses. 

• Leads team to develop data sources, including cleaning, structuring, and standardizing data. Leads team to uphold data quality standards to ensure timely and consistent access to data sources. Guides team to curate sources of data and partners with other teams to develop and sustain data access. 

• Allocates resources of team and prioritizes work, including real-time re-prioritization when needed. Coordinates resources across groups to support the work of the team. Serves as escalation point for conflicting priorities. 

 

Solution Generation 

• Contributes to crafting standards to address complex security issues. Provides guidance to others as needed. Leads team to focus on highest priority issues. Guides team in developing and deploying models, best practices, and guidelines to address patterns of issues. Begins to frame strategy for the team and empowers them to execute accordingly. 

• Leads teams in technical implementation of solutions and automation that increase the ability to harden against, detect, and mitigate issues (e.g., signature detection, malware, threat analysis, reverse engineering). Encourages development of areas of expertise in teams and sharing of best practices across teams. Leads team to use results from research and experimentation to drive architecture or product direction for Microsoft. 

• Collaborates across multiple areas to keep the team moving forward. Ensures obligations are fulfilled while planning for future capabilities. Provides oversight across functional areas. Fosters collaboration within and across teams. Helps hold teams accountable to standards. Influences teams and partners to uphold standards. Actively retires outdated/redundant standards. Drives for engineering efficiency and clarity in standards. 

 

Orchestration 

• Works across multiple functional areas or stakeholders to provide technical perspective. Synthesizes perspectives to inform Microsoft position on security issues and prioritize points for advocacy. Builds structural relationships to enable streamlined and efficient communications and collaboration. 

• Defines processes and environments to protect tools, techniques, information and results of security practices. Ensures teams are properly handling information/secrets. EDucates others on proper procedures. 

• Leads team that manages multiple workstreams and resources during incidents, applies diagnostic expertise, provides guidance to other engineers working to mitigate and resolve issues, and maintains a commitment to the quality of products and services throughout the lifecycle. Directs analysis to identify trends, patterns, and issues that should be addressed at high priority. 

• Guides team in security and architectural design reviews for suite of features. Leads team to adopt best practices for designing, implementing and validating software. Manages costs and budget associated with security reviews. 

 

Industry Leadership 

• Leads the work of technical experts and leverages expertise across a spectrum of specialties to ensure work is properly resourced and prioritized. Conveys critical technical issues to upper management in actionable terms. Establishes and maintains ethical behavior for the team in areas of subject matter expertise, including coordinated disclosure and ethical hacking. Participates in conferences and industry events. Ensures best practices are shared within and across teams. 

• Collaborates with leaders of other engineering teams to identify and propose potential business opportunities, services, and/or product offerings. Manages efforts to research, develop, and implement new tools, technologies, and/or processes that may improve the availability, reliability, efficiency, and/or performance of products. Leverages technical expertise to anticipate and identify trend changes and adapt work accordingly. Makes business recommendations, such as cost-benefit, invest-divest, forecasting, and impact analysis with effective presentations of findings. 

 

Other 

• Embody our culture and values 

Qualifications

• Required Qualifications:
• 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection 

• OR Master's Degree in Statistics, Mathematics, Computer Science or related field. 

 

Preferred Qualifications:

• 6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection 

• OR Doctorate in Statistics, Mathematics, Computer Science or related field. 

• 1+ year(s) people management experience.
•  

Security Research M4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

• Microsoft will accept applications for the role until May 27th, 2025.

 

#MSRC #MSFTSecurity 

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.