We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
Microsoft jobs

Director of Security Research and Incident Response

Microsoft
United States, Texas, Irving
7000 State Highway 161 (Show on map)
Sep 26, 2025
OverviewWith more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft's products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers' expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft's portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovation solutions that accelerate business value, drive operational excellence and nurture long term loyalty. Microsoft Incident Response - the Detection and Response Team (DART) - part of the Customer Experience & Success (CE&S) organization - is seeking a Director of Security Research and Incident Response to lead its global incident response team. DART is Microsoft's elite cybersecurity task force, providing holistic incident response and investigation services to customers facing advanced cyber threats. In this role, you will manage and mentor a worldwide team of security engineers and responders, coordinate complex customer investigations, and drive the development of DART's response capabilities in collaboration with other Microsoft security partners. You will operate in a fast-paced, dynamic environment, tackling sophisticated security incidents across cloud and on-premises environments on a daily basis. This role is positioned at the forefront of Microsoft's Incident Response services. The Director of Security Research and Incident Response will be expected to embody Microsoft's culture of growth mindset, integrity, and inclusion, nurturing their team and collaborating across the company to protect our customers. If you are passionate about helping organizations counter advanced cyber adversaries and have the leadership acumen to drive a global response team, this role offers a unique opportunity to make an impactful difference This role is flexible in that you can work up to 100% from home.Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
ResponsibilitiesPeople Management Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers Managers deliver success through empowerment and accountability by modeling, coaching, and caring. Model - Live our culture; Embody our values; Practice our leadership principles. Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn Care - Attract and retain great people; Know each individual's capabilities and aspirations; Invest in the growth of others. Strategic Initiatives Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft's Partner ecosystem Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes. Develop and maintain objectives, metrics and KPIs supporting the department's strategic direction and continuously improve incident response technical capabilities. Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner. Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer's security posture across the overall technology landscape Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques. Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements. Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats. Leverage input from Threat Intelligence team, including strategic, operational, and tactical intelligence to benefit containment and hardening of customer environments, while keeping knowledge and skills current with the rapidly changing threat landscape. Similarly, share threat data with threat intelligence and engineering teams and drive research of threat actors and threat activity. Interface closely with and influence security product owners Drive the evolution of both proactive and reactive detection and investigation capabilities Business Operations Maintain a profitable business while developing a strategy for significant growth Influence product direction through customer experience and feedback of product capabilities during crisis Engage directly with customers as a member of the engagement team, providing leadership and oversight to ensure profitability, high customer satisfaction, and operational excellence Ensure delivery alignment with sales, and prioritize capacity and readiness planning against demand Serve as liaison between technical response and the business to minimize the impact of an incident to the customer Maintain business operations: Deliver against metrics, KPIs and other leading delivery operational and health indicators for our business unit. Responsible for technical and executive level reports on incident response issues. Design, document, and implement detection and incident response processes, procedures, guidelines, and solutions. This involves operation and continually improving existing DART process, as well as the development of new processes in response to evolving threats and business requirements. Ability to apply entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands. Excellent time management, writing and communication skills Participating in a follow-the-sun on-call rotation Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business. This is a global position. Off-time zone hours and weekend work is highly likely. Position location is flexible.
Applied = 0
MORE JOBS LIKE THIS

(web-759df7d4f5-28ndr)