
Principal Security Operations Engineer - Microsoft

Remote · Redmond, United States
Skills:
azure cosmos-db

Do you enjoy leading in a dynamic environment with security operations engineers, data experts, software engineers, security analysts, and service engineers? Do you want to drive change and impact across Microsoft through innovation, automation, and scale? Do you have a unique combination of security, software engineering, data engineering, and leadership skills, and a positive, can-do attitude?

Microsoft’s Edge and Platform Security Fundamentals team is responsible for securing some of Microsoft’s largest and most critical online services in Azure, Windows Update, Windows Engineering Systems, Product Release and Signing Services, Xbox Live, Microsoft Game Studios, and many more. We are looking for a security operations engineering leader to connect blue teams across Microsoft with the business of Microsoft Edge and Platform.

This role involves leading a team of security operations engineers focused on Detection Engineering, Proactive Hunt, Purple Team Testing, and collaborating deeply across EDG Security and across Microsoft to continuously improve our capabilities to surface anomalies of significance, act on them, and feed ongoing operational signal into the prioritization of proactive engineering investments.

  • Lead a strong and dynamic team of security operations engineers focused on detection engineering, purple team testing, and proactive hunt.
  • Engineer systems and processes to connect and scale blue team services delivered by our partner teams (Security Operations Center, Incident Response, and Investigations) across Microsoft Edge and Platform, Gaming, and Devices businesses.
  • Conduct purple team testing in partnership with our partner Offensive Security team to ensure systems focused on delivering inventory, security monitoring, incident response, analytics, software vulnerability detection, host forensics, malware analysis, and service telemetry are functioning and continuously improving.
  • Own and drive process to ensure modern engineering practices, effective coding, testing, code review, and creation of CI/CD pipelines.

Successful candidates will have:

  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), and/or information technology (IT) operations
  • 3+ years of people management

Ideal candidates will also have:

  • Strong understanding of common attacks and a history of successfully applying defensive tactics to large scale Cloud hosted services.
  • Technical background in Windows, Cloud security, and Azure. 
  • Strong cross-group collaboration and communication skills.
  • Experience leading a team of security operations engineers.
  • Experience applying systems that leverage Microsoft Defender, Sentinel, Analyst Notebooks, or equivalent SIEM solutions.
  • Experience delivering services using cloud-based data analytics (e.g., Azure Data Explorer, Azure Synapse, Azure Data Lake, Cosmos).
  • Proven deep expertise as a blue team operator, detection engineer, and threat hunter.
  • Proven competency in strategic leadership, organizational agility, cross-team collaboration, drive for results, and written and verbal communications. 
  • Proven ability to build successful partnerships and drive complex cross-group collaboration.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Published on: 12/1/2022

About Microsoft

https://microsoft.com

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission.
