Microsoft UK • United Kingdom

Cybersecurity Incident Response Engineer, Manager

Employment type:  Full time

3 days/week at home

Fully flexible hours

Job Description


With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The Microsoft Detection and Response Team (DART) is hiring for a Cybersecurity Manager for Detection and Response. This position will be a vital leader and manager of the global Cybersecurity Incident Response team, leading the DART team in customer investigations, activities and capability development with the support of Microsoft Partners. You will work in a fast-paced, intellectually intense, constantly-evolving environment, and deal with complex customer challenges every day.

This role is flexible in that you can work up to 100% from home. Position location is flexible.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.


People Management

  • Responsible for managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modelling, coaching, and caring.
  • Model - Live our culture; Embody our values; Practice our leadership principles.
  • Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn
  • Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.

Strategic Initiatives

  • Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes.
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities.
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner. Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers
  • Technical leadership and executive presence to become established as a Trusted Technical Advisor and to influence senior decision makers to mature and promote the customer’s security posture across the overall technology landscape
  • Synthesizing industry knowledge and external threat intelligence into actionable business communication
  • Interface closely with and influence security product owners
  • Drive the evolution of both proactive and reactive detection and investigation capabilities

Business Operations

  • Maintain a profitable business while developing a strategy for significant growth
  • Influence product direction through customer experience and feedback of product capabilities during crisis
  • Engage directly with customers as a member of the engagement team, providing leadership and oversight to ensure profitability, high customer satisfaction, and operational excellence
  • Ensure delivery alignment with sales, and prioritize capacity and readiness planning against demand
  • Serve as liaison between technical response and the business to minimize the impact of an incident to the customer
  • Maintain business operations: Deliver against metrics, KPIs and other leading delivery operational and health indicators for our business unit. Responsible for technical and executive level reports on incident response issues.
  • Design, document, and implement detection and incident response processes, procedures, guidelines, and solutions. This involves operating and continually improving existing DART processes, as well as the development of new processes in response to evolving threats and business requirements.
  • Ability to apply entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands.
  • Excellent time management, writing and communication skills
  • Participating in a follow-the-sun on-call rotation
  • Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business. This is a global position. Off-time zone hours and weekend work are highly likely.


Minimum / Required Qualifications:

Ideal candidates should possess experience along with the following:

  • Experience working in a Managerial role leading and developing teams
  • Manage customer engagement escalations to ensure customer satisfaction
  • Advanced technical degree or equivalent experience
  • Expert understanding of security technology and implementation principles with a focus on the cyber threat landscape
  • Executive presence, ability to influence senior IT and Global Risk leaders, CISO, CTO, CIOs, along with strong oral and written communication, organization and interpersonal skills
  • Experience leading a global cross-functional team

Additional / Preferred Qualifications:

Experience with some of the following is a distinct advantage:

  • Demonstrated history of leading teams of Security threat hunting analysts, engineers and consultants to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases
  • Knowledge of the legal and regulatory landscape related to security and privacy in an international environment
  • Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures
  • Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale
  • International consulting experience is a plus

Ability to meet Microsoft, customer and / or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Company benefits

Wellbeing allowance
Health insurance
Dental coverage
Gym membership
Mental health platform access
Buy or sell annual leave
Shared parental leave
Matched pension contribution
Charity donation scheme
Employee assistance programme
Employee discounts
Volunteer days
Fertility treatment leave
Open to compressed hours
Open to job sharing
Fertility benefits
Enhanced sick pay
Enhanced sick days
Compassionate leave
Travel insurance
20 days annual leave + bank holidays
Enhanced maternity leave
Enhanced paternity leave
Adoption leave
Childcare credits
Carer’s leave
Cycle to work scheme
Faith rooms
Annual bonus
Annual pay rises
Company car
Open to part-time employees
Pregnancy loss leave
Life insurance
Equity packages
Financial coaching
Relocation packages
Employees are very happy with their working location freedom
Employees are very happy with the flexibility in the hours they work
Employees are largely happy with the benefits their company offers
Work-life balance
Employees feel that they can switch off quite easily from work
Role modelling
Employees feel that most people work flexibly
Employees feel that they can mostly manage how they get their own work done

Working at Microsoft UK

Company employees

Globally: 220,000

Office locations

London, Reading, Cambridge, Romsey, Manchester, Edinburgh

Hiring Countries

United Kingdom

Awards & Achievements

Most flexible companies

Flexa100 2024
