Cybersecurity Incident Response Engineering, Director

Remote, USA Full-time Posted 2025-03-08

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft's end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.
The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S.
The Microsoft Detection and Response Team (DART) is hiring for a Cybersecurity Incident Response Engineering, Director. This position will be a vital leader and manager of the global Cybersecurity Incident Response team, leading the DART team in customer investigations, activities and capability development with the support of Microsoft Partners.
As the Director of America's time zone, you will be responsible for DART's largest and often busiest region, and will work collaboratively with the managers reporting to you, technical leaders, and Microsoft security all-up. You will work in a fast-paced, intellectually intense, constantly-evolving environment, and deal with complex customer challenges every day.
This is a global position. The role is flexible in that you can work up to 100% from home; however, short-notice travel to work onsite alongside customers will likely be 40% or higher, as demanded by the needs of our customers and business. This position may require you to work a rotational On-Call schedule, evenings, weekends or holiday shifts. Though schedule changes are not frequent, you will need to have flexibility to accommodate changes as needed.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
People Management
• Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
• Model - Live our culture; Embody our values; Practice our leadership principles.
• Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
• Care - Attract and retain great people; Know each individual's capabilities and aspirations; Invest in the growth of others.
Conducting Research
• Provides direction to teams to ensure efforts are dedicated to prioritized Security Research efforts in multiple projects in different security areas. Oversees teams researching highest priority security issues and to fully investigate cause, motivation, and impact. Collaborates across teams to appropriately address and mitigate issues. Advocates for follow through with senior leadership. Ensures feedback loops are active and inform future research efforts.
• Ensures teams research, synthesize findings, and make recommendations aligned to key priorities for the business. Collaborates across teams, organizations, and leaders as needed to advocate for adoption of recommendations. Determines and ensures dissemination of research to those who most benefit. Balances value of dissemination over risk of divulging techniques. Builds and maintains relationships with stakeholders who benefit from research insight. Drives change within organization based on research findings. Leads team and role models contribution to professional community by publishing, advancing the Microsoft brand, creating and patenting IP. Maintains sustained interaction with research partners (e.g., industry, academia, government).
Solution Generation
• Contributes to crafting standards to address complex security issues. Influences standards within and outside Microsoft. Provides guidance to others as needed. Leads teams to focus on highest priority issues. Guides team in developing and deploying models, best practices, and guidelines to address patterns of issues. Frames strategy for the team and empowers them to execute accordingly.
• Works across multiple teams, divisions, and functional areas to support technical implementation of solutions and automation that increase the ability to harden against, detect, and mitigate issues (e.g., signature detection, malware, threat analysis, reverse engineering). Ensures teams develop and maintain areas of expertise, expands into new areas of expertise, and shares best practices across teams. Works across Microsoft to drive strategy across the organization. Drives alignment across organizations and may have impact outside Microsoft. Drives teams to use results from research and experimentation to drive architecture or product direction. Prioritizes efforts to further develop knowledge areas needed to drive direction in the industry.
• Collaborates across teams to ensure progress. Ensures obligations are fulfilled while planning for future capabilities and potential. Provides oversight across functional areas. Fosters collaboration across teams and functional areas. Holds teams accountable to standards. Influences teams and partners to uphold and create new standards. Actively retires outdated/redundant standards. Drives for engineering efficiency and clarity in standards.
Orchestration
• Works across multiple teams, divisions, and functional areas to provide technical perspective. Synthesizes perspectives to inform Microsoft position on security issues and prioritize points for advocacy. Influences Microsoft's standing in the industry. Builds structural relationships to enable streamlined and efficient communications and collaboration. Maintains one strategy across teams and organizations.
• Defines processes and environments to protect tools, techniques, information and results of security practices. Ensures teams are properly handling information/secrets. Educates others on proper procedures. Coordinates efforts across teams and with senior leaders as needed.
• Directs teams to lead postmortem and root cause analyses for complex and/or large scale live site issues to create repair items, specifies tools, and systems that support incident management, and mitigates and resolves issues across organizations. Guides teams to manage complete incidents with multiple bridges and ensures Incident Management System(s) are implemented, executives and customers are updated during and after incidents, and that quality postmortem and root-cause analysis processes are executed.
• Oversees teams in security and architectural design reviews for suite of features. Uses empirical evidence to identify and develop best practices for designing, implementing and validating software. Manages costs and budget associated with security reviews. Advises, evaluates, informs, and applies Security by Design Principles to products, services and research.
Industry Leadership
• Leads the work of technical experts and leverages expertise across a spectrum of specialties to ensure work is properly resourced and prioritized. Conveys critical technical issues to upper management in actionable terms. Advocates for accomplishments and needs of the teams. Persuades others to support key priorities. Establishes and maintains ethical behavior for the team in areas of subject matter expertise, including coordinated disclosure and ethical hacking. Drives participation in conferences and industry events. Ensures best practices are shared within and across teams.
• Collaborates with leaders of other engineering teams to identify and propose potential business opportunities, services, and/or product offerings. Manages efforts to research, develop, and implement new tools, technologies, and/or processes that may improve the availability, reliability, efficiency, and/or performance of products. Leverages technical expertise to anticipate and identify trend changes and adapt work accordingly. Makes business recommendations, such as cost-benefit, invest-divest, forecasting, and impact analysis with effective presentations of findings.
Other
• Embody our culture and values
Qualifications
Required/Minimum Qualifications
• 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
• 1+ year(s) people management experience.
Additional Or Preferred Qualifications
• 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
• OR Doctorate in Statistics, Mathematics, Computer Science or related field.
• 2+ years people management experience.
• 5+ years customer facing experience.
• 5+ years people management experience.
• Track record of successfully managing a technical business group and maintaining consistent growth.
• Recognized as a strategic leader who has the ability to hire, retain and motivate diverse quality talent.
• Experience leading both a services organization and product development function.
• Develop business strategy and provide technical thought leadership.
• Manage customer engagements escalations to ensure customer satisfaction.
• Understanding of security technology and implementation principles with a focus on the cyber threat landscape.
• Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
• Executive presence, ability to influence upper-level IT and Global Risk leaders, CISO, CTO, CIOs.
• Experience leading a global cross-functional team.
• Experience with the following: opportunity identification, customer advocacy, conflict resolution, competitor intelligence, challenger mindset, business acumen and analysis, executive presence, strategic technical planning, technology industry knowledge, trusted technical advisor.
• Experience with some of the following is a distinct advantage.
• Demonstrated history of leading teams of Security threat hunting analysts, engineers and consultants to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases.
• Experience in helping enterprises manage vulnerabilities, measure security and ensure compliance.
• Demonstrated experience in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures.
• Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale.
• Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques.
Security Research M5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until July 22, 2024.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations
