Incident Response Manager
Microsoft
Redmond, Washington, United States
Overview
The Microsoft Customer and Partner Solutions (MCAPS) Division unifies the commercial go-to-market organization to accelerate our progress, stay true to the Microsoft mission, and empower our customers, partners, people, and Microsoft’s growth. Within MCAPS, TrIP (Trust and Integrity Protection) provides policies, guidance and oversight of risk & compliance across the MCAPS division for security, privacy, trade, anti-bribery, resilience & incident response.
The Trust and Integrity Protection (TrIP) team is looking for a motivated Incident Response Manager to be a part of the Incident Response (IR) Team. In this role you will have the opportunity to work on privacy, cybersecurity, and security issues as part of a dynamic and high-impact team. Your day-to-day responsibilities include conducting detailed and comprehensive investigations and driving issues to closure. You will analyze, contain, and mitigate escalations from multiple sources, both internal and external. You will also contribute to developing innovative automation and orchestration solutions for response, leveraging AI responsibly. As part of the job, you will collaborate with incident response partners and Microsoft privacy groups to improve our security and privacy posture.
Qualifications
Required Qualifications:
- Bachelor's Degree AND 4+ years of experience in engineering, product/technical program management, data analysis, or product development, OR equivalent experience.
- 2+ years of experience managing cross-functional and/or cross-team projects.
- 3+ years of hands-on experience in cybersecurity incident response, security operations, threat detection and analysis.
- Knowledge of NIST 800-171 or other U.S. Federal government incident reporting requirements.
Other Qualifications:
- Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, other approved documents, or a verified U.S. government clearance.
Additional / Preferred Requirements:
- CISSP (Certified Information Systems Security Professional) or equivalent Information security certification
- Cybersecurity Knowledge: Understanding of cybersecurity principles, threat landscapes, and common attack vectors
- Regulatory Compliance: Knowledge of relevant laws and regulations (e.g., GDPR, HIPAA) and their impact on incident response
- Forensics: Skills in digital forensics to investigate breaches and gather evidence
- Network Security: Proficiency in network security tools and technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and SIEM (Security Information and Event Management) systems
- Demonstrated experience in cybersecurity, IT security, or a related field
- Cross-Functional Collaboration: Experience working with different departments, such as legal, compliance, and IT, during incident response
- Analytical Thinking: Strong problem-solving skills and the ability to analyze complex situations
- Communication: Excellent verbal and written communication skills to effectively report incidents and coordinate with stakeholders
- Attention to Detail: Meticulous attention to detail to identify and address security vulnerabilities
- Adaptability: Ability to stay calm and adapt quickly in high-pressure situations
- Experience working within a diverse organization to gain support for your ideas
- Ability to effectively multi-task and prioritize in a fast-paced environment
Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until August 12, 2025.
#AITjobs
Responsibilities
Incident Response technical program management
- Conduct detailed comprehensive triage and investigation on a wide variety of privacy/security events and implement containment and mitigation processes.
- Collaborate with internal incident response partners to drive issue containment, remediation, management and closure.
- Contribute to and/or document standard operating procedures and playbooks that support IR scenarios within scope for the TrIP IR function.
- Detect and respond to threats, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data.
- Keep up to date with industry best practices and emerging vulnerability, response, mitigation, and threat landscape trends, and use this knowledge to drive proactive detection and issue avoidance.
- Ensure reliable and timely notification to impacted customers and/or regulators in accordance with appropriate regulations and contractual obligations.
- Conduct regular table-top exercises and simulations with relevant parties and identify and remediate any gaps.
Operations
- Liaise with vendor teams to ensure smooth Tier 1 operation (intake) and Service Level Agreements (SLAs).
- Seek opportunities for automation and AI for process efficiencies, eliminating unnecessary workflows in Incident Response (IR).
- Use business intelligence to drive awareness, insights and trends and identify systemic and emerging themes to improve the overall security and privacy posture.
Risk and Compliance
- Partner with security and privacy risk managers on risk identification and documentation, and on controls identification and monitoring, to ensure a shift-left approach in development practices.
- Work with analysts and engineers by observing gaps and opportunities to provide efficiencies in detection and response.
- We handle active security events and respond to threats from a variety of sources; you will be required to participate in shift and on call rotation.
- Act as a trusted advisor, consulting with and influencing engineering and business partners to adopt best practices, and ensure risks are logged and remediations are implemented to reduce security and privacy risk in the division.