• Principal Cyber Investigations Manager

    Microsoft Corporation, Redmond, WA 98073

    Job #2654922851

  • Microsoft 365 is at the center of Microsoft's cloud-first, devices-first strategy, bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations, whether they are a Fortune 100 company, small business, non-profit, educational institution, or the US Government. Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services.

    We are seeking a Principal Cyber Investigations Manager to help us grow our team of expert security engineers to protect our customers against all threats by delivering and managing effective investigations. Your passion for data and security, comfort with ambiguity and acceptance of the need to deliver consistently exceptional performance under high pressure, combined with your proven ability to sift through large datasets to extract valuable insights, will be critical in helping us continue to successfully achieve our mission. This team will leverage the billions of signals surfaced across our services (Office 365, AAD, MDATP, etc.), cutting-edge threat research, state-of-the-art ML/AI and human expertise to ensure threats are stopped before they infect user machines or any of our service architecture. This leadership position requires deep domain knowledge in threat hunting, security operations and investigations, and the capability to manage a globally distributed team of experts.

    Responsibilities

    • Partner across the company's security experts and build relationships with key areas where we can improve our security practices and response capabilities.

    • Manage activities across all issues the team manages throughout the incident lifecycle.

    • Investigate, analyze, and learn from security researchers, attackers, and real incidents in order to develop durable detection strategies across the entire kill-chain or product enhancements.

    • Work with other internal and external teams to forge new and improve existing partnerships that help mature the product.

    • Collaborate with researchers, coordinators, and developers to improve the protection, detection, and response capabilities of the products.

    • Innovate processes, create strategies and work with partner teams to promote efficiency.

    • Ensure response and investigative excellence through regular training and learnings.

    Qualifications

    Required/Minimum Qualifications

    • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), and information technology (IT) operations

    o OR Master's Degree in Statistics, Mathematics, Computer Science or related field.

    • 3+ years people management experience.

    • 7+ years of experience in information security.

    • 5+ years of experience working with tools and languages such as SQL, KQL, Azure Data Explorer, Azure Data Lake, Azure Machine Learning (AML), Jupyter Notebooks, Spark, Azure Synapse, R, U-SQL, Python, the ELK stack, or Splunk.

    Other Requirements

    The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

    Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, other approved documents, or a verified US government clearance.

    Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

    Preferred Qualifications

    • 3+ years of experience managing security teams over time with responsibilities across Research, Engineering, Security Operations, and/or Cybersecurity Investigations.

    • Deep understanding of Security Operations Center and Security Incident Response Team processes and procedures.

    • Good working knowledge of common security protocols such as various forms of encryption, PKI, modern authentication, and cloud app authorization architectures and protocols such as SAML or OAuth.

    • Deep understanding of adversary and cyber intel frameworks such as the kill-chain model, the ATT&CK framework, and the Diamond Model.

    • Past experience working on large-scale enterprise products, such as M365 products including Exchange, SharePoint, Skype, Teams, or Power Platform.

    • Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.

    • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD) / Microsoft Entra, etc.

    • Previous experience performing development and code debugging with functional or object-oriented programming such as .NET or Java; hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, and Agile Scrum.

    • Certifications such as GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

    Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year. A different range applies to specific work locations within the San Francisco Bay Area and the New York City metropolitan area; the base pay range for this role in those locations is USD $173,200 - $282,200 per year.

    Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: ~~~

    #CloudSoc #MSRC #CDOC #DSR #MSFTSecurity

    Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (~~~) .
