Security Response Manager

Last updated 7 days ago
Location:Redmond, Washington, Reston, Virginia
Job Type:Full Time

Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with today in hosting petabytes of business-critical customer data? We are looking for a Security Incident Response Manager with the right mix of technical depth, engineering background, on-line services experience and collaboration skills to help grow and protect Office 365 cloud services.

Microsoft 365 is at the center of Microsoft’s cloud first, devices first strategy bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations, whether it be a Fortune 100, small business, non-profit, educational institution, or the US Government. You pass by dozens of our customers on your drive to work every day! Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services.

As a Security Incident Response Manager, you will provide coordination and leadership during information security incidents for Microsoft’s Experiences and Devices division. Your passion will show as you step into a crisis and lead teams to a successful resolution. You will be responsible for ensuring that established processes are followed, decision points are documented, all relevant parties are engaged and understand the mission, and that customers and executives are up to date. You will also participate in required meetings, activities to discuss incidents and facilitate discussion around trends and early warning indicators, as well as help design solutions to emerging threats. M365 Security is a fast-paced team that constantly provides new opportunities to learn and grow.


Core Responsibilities:

  • Analyze potential security issues and develop investigation and resolution plans
  • Facilitate implementation of established plans and procedures
  • Communicate complex and technical issues to diverse audiences, orally and in-writing, in an easily understood, authoritative, and actionable manner
  • Rapidly react to changing situations and develop new plans based on recent discoveries
  • Drive enhancements at every level of the OSI model to improve detection, response, and remediation

Coordinate with internal and external business partners and security teams at a deeply technical level



  • This position requires verification of US Citizenship to meet federal government security requirements.

  • The successful candidate must have an active Top Secret clearance or above and the ability to upgrade to TS SCI with Full Scope Polygraph.

  • Will require the successful candidate to maintain a TS/SCI with Full Scope Poly clearance.

  • Must pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

  • 2+ years experience working in Security Incident Response
  • 4+ years experience Information Security (infosec, secops, security PM, analyst, etc) field
  • An ability to work well under pressure while maintaining a professional image and approach.
  • Excellent communication skills both written and verbal
  • Ability to take complex topics and succinctly describe to an audience that is not deep in security.
  • Experience with security events (including large-scale breaches) is a must.
  • Strong working knowledge of security controls such as encryption, AuthN/AuthZ, PKI, HIDS, NIDS, etc.
  • Awareness of modern security related subjects and trends such as threat hunting and modeling, digital forensics, reverse engineering, phishing, and penetration testing.
  • Ability to work collaboratively with engineering teams to drive architectural changes that improve the stability and security of each environment.
  • Demonstrated success in dealing with ambiguity and problem definition under timeline constraints.
  • Strong comprehension of security trends and emerging threats to calculate risk and drive proper courses of action towards incident remediation.

Preferred Qualifications:

  • Prior experience working with the US Government or US Department of Defense preferred
  • Experience with cloud-hosted services, web-based applications, and server/service management features preferred
  • Demonstrated ability to understand and communicate technical details with varying levels of management.
  • Relevant industry certifications are a definite plus! (CISSP, Cisco, GIAC, etc.).

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.