Senior Director of Security Research - Microsoft Corporation

With over 17,000 employees worldwide, the mission of the Customer Experience & Success (CE&S) organization is to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft's products and services, ignited by our people and culture. Come join CE&S and help us build a future where customers achieve their business outcomes faster with technology that does more. The Customer Experience Architecture (CXA) organization, is an organization within CE&S dedicated to the continuous innovation of technology and process architecture to enhance the customer experience. The Senior Director of Security Research is pivotal in driving our CE&S organization's security operations and programs oversight, aligned with Microsoft's security strategy and policies. In this role, you will ensure the security and integrity of the CE&S Organization infrastructure and processes while minimizing operational disruptions to users. You will be responsible for identifying, developing, implementing, and maintaining processes aligned with Microsoft's standard security practices across the organization to reduce information and technology risks while maintaining user productivity. You will also respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. This role will directly support the CE&S Chief Technology Officer and oversee a dedicated team and collaborate with other security leads embedded in the CE&S organization. By fostering a culture of continuous improvement and proactive risk management, this role will play a critical role in safeguarding our systems and data, ultimately supporting CE&S' mission and operational goals. This role will lead a proactive strategic approach to enhancement across the security landscape, from both short-term immediate needs to longer-range strategy. This will involve developing comprehensive security frameworks and continuously raising the bar for security practices across the CE&S organization. This role is flexible in that you can work up to 100% from home. Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. **Responsibilities** People Management + Managers deliver success through empowerment and accountability by modeling, coaching, and caring. + Model - Live our culture; Embody our values; Practice our leadership principles. + Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn. + Care - Attract and retain great people; Know individuals' capabilities and aspirations; Invest in the growth of others. Research, Solution, Orchestrate, and Lead + Provides direction to teams to ensure efforts are dedicated to prioritized security efforts in multiple projects in different security areas. Oversees teams researching highest priority security issues and to fully investigate cause, motivation, and impact. Collaborates across teams to appropriately address and mitigate issues. Advocates for follow through with leadership. Ensures feedback loops are active and inform future research efforts. + Ensures teams research, synthesize findings, and make recommendations aligned to key priorities for the business. Collaborates across teams, organizations, and leaders as needed to advocate for adoption of recommendations. Builds and maintains relationships with stakeholders who benefit from research insight. Drives change within the organization based on research findings. Leads team and role models contribution to professional security community. + Contributes to crafting standards to address complex security issues. Influences standards within and outside Microsoft. Provides guidance to others as needed. Leads teams to focus on highest priority issues. Guides team in developing and deploying models, best practices, and guidelines to address patterns of issues. Frames strategy for the team and empowers them to execute accordingly. + Works across multiple teams, divisions, and functional areas to support technical implementation of solutions and automation that increase the ability to harden against, detect, and mitigate issues (e.g., signature detection, malware, threat analysis, reverse engineering). + Ensures teams develop and maintain areas of expertise, expands into new areas of expertise, and shares best practices across teams. Works across Microsoft to drive strategy across the organization. Drives alignment across organizations and may have impact outside Microsoft. Drives teams to use results from research and experimentation to drive architecture or product direction. Prioritizes efforts to further develop knowledge areas needed to drive direction in the industry. + Lead effort within Microsoft CE&S to develop enterprise governance on technical indicators sharing advanced analysis and synthesis of threat data that provides high impact insights. Guides teams to use insights to identify novel areas of threat and vulnerability analysis. Drives productization of tools for standard use across teams. + Directs teams to develop data sources, including cleaning, structuring, and classifying data. Ensures teams uphold data quality standards and mitigates impact to timely and consistent access to data sources. Drives curation of sources of data and partners to develop and sustain data access across teams. + Allocates resources of team and prioritizes work, including real-time re-prioritization when needed. + Coordinates resources across groups to support the work of the team. Serves as an escalation point for conflicting priorities. Secures additional resources as priorities and strategic direction shift. **Other** + Embody our culture (https://careers.microsoft.com/v2/global/en/culture) and valuezz (https://www.microsoft.com/en-us/about/corporate-values) **Qualifications** **Required/Minimum Qualifications** + 8+ years' experience in cybersecurity, risk management, threat intelligence, secure software development lifecycle, large-scale computing, threat modeling, and/or anomaly detection + OR Doctorate in Statistics, Mathematics, Computer Science or related field. + 3+ years of people management experience. **Additional or Preferred Qualifications** + 9+ years' experience in cybersecurity, risk management, threat intelligence, secure software development lifecycle, large-scale computing, threat modeling, and/or anomaly detection + OR Doctorate in Statistics, Mathematics, Computer Science or related field + 5+ years people management experience. + Professional certifications such as CISSP, CISM, or CISA + Extensive knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST, and CIS. + Experience in developing information security policies and procedures, as well as successfully executing programs in a dynamic environment. Security Research M6 - The typical base pay range for this role across the U.S. is USD $161,600 - $286,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $209,600 - $314,400 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay Microsoft will accept applications for the role until September 2, 2024. Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .