Job Details
Posted date: Jan 29, 2026
Category: Security Operations Engineering
Location: Multiple Locations
Estimated salary: $222,050
Range: $139,900 - $304,200
Employment type: Full-Time
Work location type: 0 days / week in-office – remote
Role: Individual Contributor
Description
Overview
Microsoft is committed to ensuring that we develop and deploy our AI technologies in ways that uphold our AI principles and warrant people’s trust. Here in Microsoft Gaming, we are on a mission to bring the joy and community of gaming to everyone on the planet. We deliver on that vision by putting players at the center, enabling you to play the games you want, with the people you want, anywhere you want. Gaming Player Services and Operations is at the heart of our ambition to reach billions of players across the globe, ensuring that every player feels included and engaged across Xbox. We do this through our commitment to driving operational excellence through innovation and ensuring player and partner delight across Microsoft Gaming.
The Gaming Security team is dedicated to securing the joy of gaming by creating a secure and inclusive environment for players. Our mission is to safeguard assets, protect customer data, and ensure a secure play experience through collaboration with stakeholders. We utilize AI and automation to enhance threat detection and response capabilities, thereby improving efficiency and reducing operational resources. Our strategy focuses on standardizing security solutions across departments, fostering a culture of innovation, collaboration, and continuous improvement. By championing transparency, compliance, and responsible AI use, the Gaming Security team aims to build a robust security posture and maintain player trust.
We are seeking a Gaming Principal, Cloud Threat Detection & Incident Response Engineer to lead the strategic maturity of cloud-native security capabilities across Microsoft Gaming. This high-impact technical leadership role will define and advance the use of Azure’s security stack—including Microsoft Defender for Cloud, Sentinel, Entra ID, MDE, and related cloud telemetry—to detect, investigate, and rapidly respond to threats.
You will set the architectural direction for cloud TDIR, build scalable detection and automation frameworks, and guide engineering teams toward a unified, cloud-centric security posture across Xbox, Activision Blizzard King, and ZeniMax. 
Success in this role requires technical expertise, effective communication, and a collaborative mindset. You will bring others together to develop common solutions, mentor senior engineers, and influence cloud architecture decisions to improve visibility and reduce attack surface. The ideal candidate thrives in dynamic environments and embodies Microsoft’s values of respect, integrity, accountability, and inclusion. 
Responsibilities
Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows 
Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls 
Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments 
Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments 
Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies 
Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps 
Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key/material theft, resource manipulation, and multi-cloud attack paths 
Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows 
Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners 
Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns 
Champion CI/CD pipelines, version-controlled detection repositories, automated testing, and change management for cloud detections 
Mentor senior engineers, scale cloud security knowledge across the organization, and raise the technical bar for the Gaming TDIR function 
Partner with cross-functional teams to define and architect automation that improves the effectiveness and efficiency of security operations, resolving issues with new processes as needed
Lead the development and/or implementation of automated and artificial intelligence (AI) solutions that minimize and/or resolve incidents
Drive security automation and tooling initiatives, integrating security checks into CI/CD pipelines to improve consistency and scale
Oversee the use of automation and AI to prioritize and drive improvements to products, services, and solutions
Act as a key escalation point for security incidents, collaborating with incident responders to investigate, remediate, and improve system resilience
Develop and implement security policy and standards across teams and services; preemptively evaluate security policy and standards to identify critical gaps, and lead the development of strategies to drive improvements and implement new controls
Qualifications
Required Qualifications: 
Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR equivalent experience.
Preferred Qualifications: 
10+ years of hands-on experience in cloud security engineering, threat detection, incident response, or security architecture 
10+ years of experience in Cyber Security
4+ years of hands-on experience with AWS, GCP (Google Cloud Platform), or Azure security detection and threat-hunting strategies
Demonstrated ability to influence engineering groups and lead during high-severity cloud incidents 
Understanding of KQL/Splunk SPL, Python, or other automation tooling languages, and cloud-focused investigation patterns 
Understanding of modern adversary behavior in identity-centric and cloud-native environments 
Experience with multi-cloud detection strategies 
Background in cloud telemetry engineering, logging architecture, or distributed signal processing 
Experience with large-scale or highly federated environments spanning multiple business units 
Familiarity with game hosting services, analytics pipelines, or live-service architecture 
#GamingJobs
Security Operations Engineering IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.