Senior Service Engineering Manager - CTJ

Last updated 13 days ago
Location: Reston, Virginia
Job Type: Full Time

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

The Digital Security and Risk Engineering (DSRE) team is looking for a highly qualified security professional to work on a highly collaborative, dynamic and high-impact security team. The Security Operations and Incident Response Team is looking for a well-seasoned and motivated individual to perform outstanding work as a Service Engineering Manager to lead our Security Operations team supporting Microsoft’s specialized Government and corporate networks.

The Manager in this role will oversee the security analyst team focused on monitoring, technical analysis, incident handling, and detection tuning. You will collaborate with security teams, product teams, service management and problem management teams across the company to identify and implement continuous improvements focused on availability, reliability, and efficacy of the service. The successful candidate will demonstrate deep operational engineering expertise, troubleshooting capabilities, and leadership during a crisis.


  • Provide supervision for employees, incident management, technical analysis, monitoring and detection support functions in a 24X7 environment.
  • Drive prioritization of significant security events across the operations center and incident response teams
  • Enable the team for precision of alerting, speed in triage, and efficiency in response. Drive continuous improvement into the product, process, and technology through analysis and solution design.
  • Guide and/or manage technical response during critical incidents.
  • Accountable for operational performance including real-time SLA management, development of data driven business metrics, escalation, and communication.
  • Champion security through participation in product reviews, service health reviews and cross-team product group engagements


Knowledge, experience and skills required:

  • Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
  • 3+ years Security Operations, Incident Response, or Engineering experience in a 24 x 7 x 365 enterprise environment
  • 3+ years’ experience with security tools such as NIDS/NIPS, HIDS/HIPS, SIEM, SOAR, security analysis tools.
  • 2+ years demonstrated leadership and/or management experience.
  • Demonstrated strategic thinking, quantitative and analytical skills, team leadership, and collaboration.
  • Excellent problem resolution, judgment, negotiating and decision-making skills
  • Excellent written and oral communication skills. Able to communicate to a variety of audiences including engineers, executive management and customers.
  • Able to manage and execute shifts in a 24x7x365 environment.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements
    • Candidates must have an Active Top Secret clearance and be willing to upgrade to TS/SCI (with polygraph) or have an Active TS/SCI and be willing to upgrade to TS/SCI (with polygraph). This role will require candidates to maintain the TS/SCI (with polygraph) clearance.
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Preferred, not required:

  • Collaborative/Administrative Skills:
    • Experience working within a diverse organization to gain support for your ideas; seeks to leverage work of others to increase effectiveness
    • Ability to effectively multi-task and prioritize in a fast-paced environment
    • Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations
    • CISSP or related GIAC certifications
    • Ability to read, write, configure code, and design end-to-end service telemetry, alerting and self-healing capabilities for platforms
    • Experience with predictive analysis of service behavior through telemetry
    • Experience working with software engineering team members and ownership of translating customer and technical requirements into service architecture to meet Quality of Service Expectations
    • Ability to work with service teams and own Live Site Reviews and corrective action plans
    • Experience owning the Service in backlog discussions & standups to establish appropriate prioritization of Live Site requirements
  • Technical Skills:
    • Experience in analyzing a wide variety of network/host security logs to detect and resolve security issues
    • Experience with Cloud Computing and technology
    • Understanding of threat analysis models: Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
    • Understanding of system events and host level analysis of Windows, MacOS, and Linux operating systems.
    • Background in malware analysis
    • Experience with Python, Jupyter Notebooks, PowerShell, or R with RESTful APIs

The ideal candidate will have experience in a team environment and experience in a Security Operations Center, Incident Response, or equivalent experience in enterprise-scale services and platforms. The candidate will also have experience developing security tools and automation to support security operations and hunting, and will possess technical depth in a highly dynamic, complex environment.


Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
