Security Operations Engineering Manager

Share job

Are you passionate about tackling some of the most complex challenges in digital security today? Do you thrive in an environment that values continuous learning, where you're encouraged to unlearn outdated practices and embrace new skills every day? Are you motivated by the opportunity to influence the security posture of an entire organization daily?

If so, we invite you to explore this exciting opportunity.

We are looking for a skilled with a role focused on managing a team of detection and response to threats against Microsoft’s environment. This role is part of Microsoft’s CDO – Cyber Defense Operations.

Responsible for the managing installation, maintenance, support and optimization of all security-related components Facilitate incident response and forensic investigations. Apply countermeasures to mitigate evolving security threats Work with other teams to ensure platform hardening, security maintenance, and vulnerability remediation procedures are followed Special Requirements Proficiency in a scripting language, preferably perl, PHP, or python a plus Must demonstrate basic knowledge of knowledge of Linux, Mac, and Strong understanding of Windows operating systems and networking protocols.

About CDO - Cyber Defense Operations. An organization led by Microsoft’s Chief Information Security Officer enables Microsoft to deliver the most trusted devices and services. CDO’s vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.

Experience

• Over 15 years of experience in Security Operations Center (SOC) environments, including 10 years as a Security Analyst and 5 years in a leadership role managing SOC teams.
• Proven track record in managing security incidents, especially involving third-party vendors or supply chain ecosystems
• Experience working in or with a Security Operations Center (SOC), including familiarity with SIEM tools, threat intelligence platforms, and incident response framework.

.Technical Skills

• Deep understanding of security incident lifecycle management, including detection, triage, containment, eradication, recovery, and post-incident review (PIR).
• Familiarity with cloud security (Azure) identity and access management, and vulnerability management.
• Ability to interpret and apply regulatory and compliance requirements (e.g., GDPR, ISO 27001, FedRAMP) to incident response processes

Leadership & Communication

• Strong leadership and team-building skills, with experience managing distributed or cross-functional teams.
• Excellent communication skills for engaging with executives, legal, compliance, and external vendors during high-severity incidents.
• Experience in conducting tabletop exercises and training programs to ensure team readiness.

Operational Excellence

• Familiarity with incident tracking systems and ability to drive continuous improvement through lessons learned
• Experience in developing and maintaining incident response playbooks and escalation protocol

Additional Mandatory Qualifications:

• Over 15 years of experience in Security Operations Center (SOC) environments, including 10 years as a Security Analyst and 5 years in a leadership role managing SOC teams.
• In depth Azure Cloud network and security knowledge is a must.
• In-depth knowledge of Operating systems (Windows, Linux and MAC OS).
• Knowledge on Network (LAN and WAN) to understand the threat landscape.
• Knowledge on KQL is added advantage.
• Ability to use AI and ML tools to perform day to day tasks.
• Security certification Cysa+, CISM and Network Certification: CCNA will be added advantage.

Incident Response Leadership

• Serve as the escalation point and decision-maker for all Cloud/Azure security incidents.
• Oversee the full incident lifecycle: detection, triage, investigation, containment, remediation, and post-incident review (PIR).
• Coordinate with internal stakeholders (e.g. engineering, legal, compliance, communications) and external vendors during incident handling

Team Management & Development

• Lead, mentor, and grow a team of around 10 security engineers, ensuring coverage for 24/7 incident response rotations.
• Define team goals, performance metrics, and development plans aligned with organisational security objectives.
• Foster a culture of continuous learning, collaboration, and operational excellence.

Process & Tooling Ownership

• Own and evolve the Cloud/Azure incident response playbook, ensuring alignment with broader security SOPs and compliance frameworks.
• Drive automation and tooling improvements for incident detection, triage, and reporting.
• Ensure all incidents are documented in accordance with internal standards and regulatory requirements.

Communication & Reporting

• Act as the primary liaison for executive and customer-facing communications during high-severity 3P incidents
• Deliver regular updates to leadership on incident trends, root causes, and mitigation strategies.
• Lead post-incident reviews and drive systemic improvements across engineering and vendor ecosystems.

Compliance & Governance

• Ensure incident handling aligns with internal policies and external obligations (e.g. data breach notification laws, contractual SLAs).
• Partner with legal and compliance teams to assess regulatory exposure and coordinate disclosures when necessary.