Microsoft UK • Multiple Locations, United Kingdom

Cybersecurity Manager - Detection and Response

Transparency ranking: 8.6/10

Job Description

Overview

With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers’ expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft’s portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.

The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovative solutions that accelerate business value, drive operational excellence and nurture long-term loyalty.

Microsoft Incident Response – the Detection and Response Team (DART) – part of the Customer Experience & Success (CE&S) organization – is seeking a Cybersecurity Incident Response Manager to lead its global incident response team. DART is Microsoft’s elite cybersecurity task force, providing holistic incident response and investigation services to customers facing advanced cyber threats. In this role, you will manage and mentor a worldwide team of security engineers and responders, coordinate complex customer investigations, and drive the development of DART’s response capabilities in collaboration with other Microsoft security partners. You will operate in a fast-paced, dynamic environment, tackling sophisticated security incidents across cloud and on-premises environments on a daily basis.

This role is positioned at the forefront of Microsoft’s Incident Response services. The Cybersecurity Incident Response Manager will be expected to embody Microsoft’s culture of growth mindset, integrity, and inclusion, nurturing their team and collaborating across the company to protect our customers. If you are passionate about helping organizations counter advanced cyber adversaries and have the leadership acumen to drive a global response team, this role offers a unique opportunity to make an impactful difference. This is a global position. Off-time zone hours and weekend work are highly likely. Position location is flexible within the United Kingdom.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

People Management

  • Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
  • Model - Live our culture; Embody our values; Practice our leadership principles.
  • Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn
  • Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.

Strategic Initiatives

  • Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes.
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities.
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner. Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers.
  • Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape.
  • Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques. Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements.
  • Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats.
  • Leverage input from Threat Intelligence team, including strategic, operational, and tactical intelligence to benefit containment and hardening of customer environments, while keeping knowledge and skills current with the rapidly changing threat landscape.
  • Similarly, share threat data with threat intelligence and engineering teams and drive research of threat actors and threat activity.
  • Interface closely with and influence security product owners.
  • Drive the evolution of both proactive and reactive detection and investigation capabilities.

Business Operations

  • Maintain a profitable business while developing a strategy for significant growth.
  • Influence product direction through customer experience and feedback of product capabilities during crisis.
  • Engage directly with customers as a member of the engagement team, providing leadership and oversight to ensure profitability, high customer satisfaction, and operational excellence.
  • Ensure delivery alignment with sales, and prioritize capacity and readiness planning against demand.
  • Serve as liaison between technical response and the business to minimize the impact of an incident to the customer.
  • Maintain business operations: Deliver against metrics, KPIs and other leading delivery operational and health indicators for our business unit. Responsible for technical and executive-level reports on incident response issues.
  • Design, document, and implement detection and incident response processes, procedures, guidelines, and solutions. This involves operating and continually improving existing DART processes, as well as developing new processes in response to evolving threats and business requirements.
  • Ability to apply entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands.
  • Excellent time management, writing and communication skills
  • Participating in a follow-the-sun on-call rotation
  • Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business.

Qualifications

Required Qualifications:

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field,
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection,
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.

Proven People Management experience:

  • Many years of people management and/or informal/indirect team leadership experience.
  • Strong analytic, qualitative, and quantitative reasoning skills.
  • Track record of successfully managing a technical business group and maintaining consistent growth.
  • Recognized as a strategic leader who can hire, retain and motivate diverse quality talent.
  • Experience leading both a services organization and product development function.
  • Develop business strategy and provide technical thought leadership.
  • Manage customer engagement escalations to ensure customer satisfaction.
  • Advanced technical degree or equivalent experience.
  • Expert understanding of security technology and implementation principles with a focus on the cyber threat landscape.
  • Strong oral and written communication, organization and interpersonal skills.
  • Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
  • Executive presence, ability to influence senior IT and Global Risk leaders, CISO, CTO, CIOs.
  • Experience leading a global cross-functional team.
  • Experience with the following: opportunity identification, customer advocacy, conflict resolution, competitor intelligence, challenger mindset, business acumen and analysis, executive presence, strategic technical planning, technology industry knowledge, trusted technical advisor

Related work experience with some of the following is a distinct advantage:

  • Demonstrated history of leading teams of Security threat hunting analysts, engineers and consultants to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases.
  • Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance.
  • Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures.
  • Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale.
  • Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques
  • International consulting experience is a plus.
  • Eligibility for a government security clearance is a plus.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Company benefits

Wellbeing allowance
Health insurance
Dental coverage
Gym membership
Mental health platform access
Buy or sell annual leave
Shared parental leave
Charity donation scheme
Employee assistance programme
Employee discounts
Volunteer days – 3 days a year
Fertility treatment leave
Open to compressed hours
Open to job sharing
Fertility benefits
Enhanced sick pay
Enhanced sick days
Compassionate leave
Travel insurance
20 days annual leave + bank holidays
Enhanced maternity leave – 26 weeks paid
Enhanced paternity leave – 6 weeks paid
Adoption leave – 24 weeks paid
Childcare credits
Carer’s leave – 4 weeks paid
Cycle to work scheme
Faith rooms
Annual bonus
Annual pay rises
Company car
Hackathons
Open to part-time employees
Pregnancy loss leave
Life insurance
Equity packages
Financial coaching
Relocation packages
Sabbaticals
Enhanced pension match/contribution
Family health insurance
LinkedIn learning license
In house training
Personal development days
Pregnancy support

Working at Microsoft UK

Company employees:

Globally: 228,000

Gender diversity (m:f):

67:33

Hiring in countries

United Kingdom

Awards & Accreditations

Family Friendly (Flexa awards 2025)
Career Progression (Flexa awards 2025)
Most flexible companies (Flexa100 2024)