Job Description

Does protecting over 1 billion people and making the world a safer place sound exciting? Do you want to help protect customers and the Microsoft cloud from emerging threats to privacy and security? This may be the opportunity for you.


The Microsoft Security Response Center (MSRC) seeks a motivated, experienced Security Response Manager to lead the M365 Security response team. Microsoft 365 brings together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations, whether it be a Fortune 100, small business, non-profit, educational institution, or the US Government. Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services. As the company accelerates our transformation in a mobile-first, cloud-first world, there has never been a more exciting time to be part of the MSRC. We strive to always serve our customers at the highest level while being constantly agile and adopting a growth mindset mentality that will transform Microsoft.



In this role you will work to help identify risks to the M365 business and customers. You will investigate and respond to issues, extract learnings from incidents, and partner with peers to improve prevention, detection, and response mechanisms in the future.   These responsibilities include: 

  • Build and lead a team of talented security responders, working closely with investigators and security engineering across M365 (e.g. Office ATP, Office 365, AAD and MDATP) as well as across Microsoft Security (Azure, Corporate Security, etc.)
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
    • Model - Live our culture; Embody our values; Practice our leadership principles.
    • Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
    • Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.
  • Lead and coordinate the response and recovery activities from information security incidents, and manage function-related business processes.
  • Partner across the company's security experts and build relationships with key stakeholders that can improve our security practices and response capabilities. 
  • Manage activities across all issues throughout the incident lifecycle. 
  • Work with other internal and external teams to build new and improve existing partnerships that help improve our products and experiences for all customers. 
  • Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products 
  • Innovate processes, create strategies and work with partner teams to promote efficiency and standardization. 
  • Build metrics and KPIs for existing projects to monitor progress. This includes creating reports, executive summaries, and updates for the leadership team.




Required/Minimum Qualifications

  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), and information technology (IT) operations
    • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
  • 3+ years’ people management experience, including managing a security team over time with responsibilities across engineering, security operations, and/or cybersecurity investigations. 
  • 2+ years’ experience with Security Operations Center and Security Incident Response Team processes and procedures. 


Additional or Preferred Qualifications

  • Understanding of Security Operations Center and Security Incident Response Team processes and procedures. 
  • Understanding of various attack vectors, threat tactics and attacker techniques ranging from APTs, Malware, DDoS, Exploits, etc. 
  • Proven success driving change based on learnings from incidents: Post Incident Reviews (PIR) / After-Action Reports / Post-Mortems, etc. 
  • Desire to work in a continuous learning environment where responsibilities are matrixed across various peer teams, and where new challenges will come in each day that need to be solved with innovative thinking.
  • Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques, etc. 
  • Familiarity with various attack and detection frameworks like MITRE, Diamond Model, etc. 
  • Experience working on security investigations in cloud services and understand the nuances of supporting cloud service investigations vs host/endpoint based. 
  • Experience in dealing with big data problems and excellent skills in data analytics with a focus on security.
  • Excellent interpersonal skills.
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.


  Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $173,200 - $282,200 per year.


Microsoft has different base pay ranges for different work locations within the United States, which allows us to pay employees competitively and consistently in different geographic markets (see below). The range above reflects the potential base pay across the U.S. for this role (except as noted below); the applicable base pay range will depend on what ultimately is determined to be the candidate’s primary work location. Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills. Base pay ranges are reviewed and typically updated each year. Offers are made within the base pay range applicable at the time.


At Microsoft certain roles are eligible for additional rewards, including merit increases, annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role. Benefits/perks listed here may vary depending on the nature of employment with Microsoft and the country work location. U.S.-based employees have access to medical, dental, and vision insurance, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others. U.S.-based employees also receive, per calendar year, up to 10 scheduled paid holidays, and up to 80 hours Holistic Health Time Off. Additionally, hourly/non-exempt employees accrue up to 120 hours paid vacation time, and salaried/exempt employees have Discretionary Time Off (DTO).  


Our Commitment to Pay Equity

We are committed to the principle of pay equity – paying employees equitably for substantially similar work. To learn more about pay equity and our other commitments to increase representation and strengthen our culture of inclusion, check out our annual Diversity & Inclusion Report.


Understanding Roles at Microsoft

The top of this page displays the role for which the base pay ranges apply – Security Operations Engineering M5.

The way we define roles includes two things: discipline (the type of work) and career stage (scope and complexity).  The career stage has two parts – the first identifies whether the role is a manager (M), an individual contributor (IC), an admin-technician-retail (ATR) job, or an intern. The second part identifies the relative seniority of the role – a higher number (or later letter alphabetically in the case of ATR) indicates greater scope and complexity.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.


Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Job Overview
Job Posted:
1 year ago
Job Type
Full Time
Job Role
Bachelor Degree
8+ Years
  • Founded In
    Mar 01, 2023
  • Company Size
    500+ Members