Job is more than 1 month old.
Job Details
Posted date: Sep 22, 2025
Category: Security Engineering
Location: Multiple Locations, Multiple Locations
Estimated salary: $222,050
Range: $139,900 - $304,200
Employment type: Full-Time
Travel amount: 25.0%
Work location type: 0 days / week in-office - remote
Role: People Manager
Description
With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers’ expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft’s portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovation solutions that accelerate business value, drive operational excellence and nurture long term loyalty.
Microsoft Incident Response – the Detection and Response Team (DART) – part of the Customer Experience & Success (CE&S) organization – is seeking a Director of Security Research and Incident Response to lead its global incident response team. DART is Microsoft’s elite cybersecurity task force, providing holistic incident response and investigation services to customers facing advanced cyber threats. In this role, you will manage and mentor a worldwide team of security engineers and responders, coordinate complex customer investigations, and drive the development of DART’s response capabilities in collaboration with other Microsoft security partners. You will operate in a fast-paced, dynamic environment, tackling sophisticated security incidents across cloud and on-premises environments on a daily basis.
This role is positioned at the forefront of Microsoft’s Incident Response services. The Director of Security Research and Incident Response will be expected to embody Microsoft’s culture of growth mindset, integrity, and inclusion, nurturing their team and collaborating across the company to protect our customers. If you are passionate about helping organizations counter advanced cyber adversaries and have the leadership acumen to drive a global response team, this role offers a unique opportunity to make an impactful difference
This role is flexible in that you can work up to 100% from home.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
People Management Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers Managers deliver success through empowerment and accountability by modeling, coaching, and caring. Model - Live our culture; Embody our values; Practice our leadership principles. Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.
Strategic Initiatives Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes. Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities. Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner. Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques. Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements. Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats. Leverage input from Threat Intelligence team, including strategic, operational, and tactical intelligence to benefit containment and hardening of customer environments, while keeping knowledge and skills current with the rapidly changing threat landscape. Similarly, share threat data with threat intelligence and engineering teams and drive research of threat actors and threat activity. Interface closely with and influence security product owners Drive the evolution of both proactive and reactive detection and investigation capabilities
Business Operations Maintain a profitable business while developing a strategy for significant growth Influence product direction through customer experience and feedback of product capabilities during crisis Engage directly with customers as a member of the engagement team, providing leadership and oversight to ensure profitability, high customer satisfaction, and operational excellence Ensure delivery alignment with sales, and prioritize capacity and readiness planning against demand Serve as liaison between technical response and the business to minimize the impact of an incident to the customer Maintain business operations: Deliver against metrics, KPIs and other leading delivery operational and health indicators for our business unit. Responsible for technical and executive level reports on incident response issues. Design, document, and implement detection and incident response processes, procedures, guidelines, and solutions. This involves operation and continually improving existing DART process, as well as the development of new processes in response to evolving threats and business requirements. Ability to apply entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands. Excellent time management, writing and communication skills Participating in a follow-the-sun on-call rotation Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business. This is a global position. Off-time zone hours and weekend work is highly likely. Position location is flexible.
Qualifications
Required Qualifications:Master's Degree in Statistics, Mathematics, Computer Science or related field OR 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.1+ year(s) people management experience.5+ years customer-facing experience.
Other Requirements:
Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.
Preferred Qualifications:
Doctorate in Statistics, Mathematics, Computer Science or related fieldOR 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.2+ years people management experience.Strong analytic, qualitative, and quantitative reasoning skills Track record of successfully managing a technical business group and maintaining consistent growth Recognized as a strategic leader who can hire, retain and motivate diverse quality talent Experience leading both a services organization and product development function Develop business strategy and provide technical thought leadership Manage customer engagements escalations to ensure customer satisfaction Advanced technical degree or equivalent experience Advanced understanding of security technology and implementation principles with a focus on the cyber threat landscape Solid oral and written communication, organizational and interpersonal skills Knowledge of the legal and regulatory landscape related to security and privacy in an international environment Executive presence, ability to influence senior IT and Global Risk leaders, CISO, CTO, CIOs Experience leading a global cross-functional team Experience with the following: opportunity identification, customer advocacy, conflict resolution, competitor intelligence, challenger mindset, business acumen and analysis, executive presence, strategic technical planning, technology industry knowledge, trusted technical advisor Eligibility for a government security clearance Demonstrated history of leading teams of Security threat hunting analysts, engineers and consultants to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques International consulting experience is a plus
Security Research M5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until October 2, 2025.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Check out other jobs at Microsoft.