The mission of Microsoft Digital is to power, protect, and transform Microsoft as the voice of our digital transition in the market. ​​​​​​As part of Microsoft’s Cloud + AI Group, we are responsible for building, managing, and securing the platform, products, processes, and services that powers Microsoft. We build, maintain, and implement a cloud-first approach to our technology and experiences, from custom-built business solutions developing our campus of the future and our productivity and collaboration experiences like Teams and SharePoint, to horizontal 3rd party solutions like SAP and Adobe. As a steward of Microsoft and our customer’s data, a core function of Microsoft Digital is ensuring the security of every aspect of the business. Microsoft Digital is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. Microsoft Digital’s charter is also to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services. As customer zero, we deploy these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more! 

Microsoft is seeking an experienced Cyber Threat Hunt Manager to join the Digital Security & Resilience (DSR) Team. As part of this highly collaborative and dynamic organization, you will have the opportunity to lead and work with top talent, some of the newest technologies, and influence security best practices at Microsoft.  

In the role of Threat Hunt Manager, you will lead a security hunt team focused on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries. This work requires real-time problem solving, technical curiosity, excellent judgment, and communications skills. You will perform technical analysis, document findings, and recommendations, develop playbooks, provide timelines, and deliver updates and other communications to a wide range of stakeholders. 

You will also be responsible for attracting and retaining industry-leading talent, developing long-term workforce plans, and driving continuous improvements into the program.

Preferred work locations:

Redmond-WA

Reston-VA

Responsibilities

Key responsibilities: 

Provide leadership to hunt team personnel. Serve as a mentor, coach, and facilitator to develop an industry-leading cybersecurity team.

Work with other security leaders to plan and collaborate on cross-company exercises.

Coordinate response activities across teams or directly with stakeholders to identify and remediate potential threats.

Plan and coordinate proactive hunt campaigns and blue / red team exercise.

Communicate status, results, and summaries of security incidents to executive leaders.

Create clarity and generate energy within the team; deliver success for DSR.

Build and maintain positive relationships with partner teams, creating opportunities to contribute to the success of others or leverage their efforts to achieve internal goals.

Qualifications

Knowledge, experience and skills required:

BS/BA in Computer Science or equivalent security operations experience.

4+ years in hunt team leadership or similar information security operations role.

Demonstrated experience in computer security-related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, Insider Threat, and web-focused security topics.  

Knowledge about modern security-related subjects and trends, for example, Advanced Persistent Threat (APT), Spear Phishing, and credential compromise techniques.  

Preferred, not required:

Knowledge of a cloud computing environment such as Microsoft Azure would be an advantage.

3+ years of Security Operations Center (SOC) experience

CISSP or related GIAC certifications

The ideal candidate will have experience in a highly collaborative team environment, Security Operations Center or equivalent experience in enterprise-scale services and platforms, technical depth in a highly dynamic, complex environment.   

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.