Applications for this job have closed. This page will redirect to Microsoft employer page in 10 seconds.

Cybersecurity Abuse Investigations Manager


Location: Redmond, Washington

Job Type: Full time


Microsoft runs on trust, and our trusted cloud was built on the foundational principles of security, privacy, compliance, and transparency. The Microsoft Security Response Center team (MSRC) is looking for people to help us keep that promise every day. Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with? Want to help us protect Microsoft customers and their data from adversaries? We are looking for a cybersecurity leader to drive thought leadership into how we protect customers and services from those who try to abuse and misuse our services. In this role, you will leverage a mix of technical depth, engineering background, on-line services experience, and collaboration skills to help respond to threats and protect our cloud services from those who try to abuse them.

As a Principal Security Operations Engineering manager, you will lead the Microsoft Cloud Security Operations Center’s (SOC) efforts reduce abuse of our platform and services. You will work to understand how adversaries misuse and abuse our platform and relentlessly focus on maintaining customer trust in our platforms. You’ll work to empower our SOC analysts and investigators to handle threats quickly and effectively to disrupt adversaries as well as continually strive to improve our abilities to detect abuse. Most importantly, you’ll build and maintain partnerships with cloud service teams to prevent abuse patterns and increase attacker cost.

We work in a DevOps model within the security business, so we are looking to add another leader to our team who has a passion for working at scale and leading efforts to automate our way out of having to do the same thing twice. Working as a part of the Microsoft Security Response Center (MSRC), you will work to solve issues related to the latest security trends and early warning indicators, as well as help design solutions for emerging threats.

This is a unique opportunity within Microsoft to work in a dynamic team taking on complex challenges in the business. MSRC is a fast-paced team that constantly provides new opportunities to learn and grow. Come bring your technical acumen, collaboration, and automation skills to protect customers.


  • Directs adversary hunt for abuse and misuse of our services using myriad log sources, network- and host-based tools, and threat intelligence to identify the threat actors and their tools and techniques.
  • Elevate trends and mitigation strategies to leadership as appropriate and drive recommended courses of action.
  • Participate in- and contribute to- cyber threat intelligence sharing forums and platforms; organize and curate threat intelligence; form macroscopic perspective on adversaries, actors, and campaigns.
  • Oversee resourcing and prioritization on investigations into suspected compromised assets and services being leveraged in abusive activity.
  • Builds and executes strategy for investments with leadership and partners across Microsoft to ideate, implement, and evolve systems and features to combat abuse.
  • Drives outcomes and impact to meet required objectives and key results (OKRs). Accountable for measurable business impact of engineering investments and automation.
  • Contribute to security policy and standards for the business.
  • Drive fundamental improvement to the customer/partner experience in abuse scenarios
  • Learn about and integrate with partner teams’ systems and processes to combat abuse.
  • Design, develop, debug, and deliver tooling to assist the investigative and hunting process.
  • Collect, curate, and transform various data to support advanced analytic creation and investigation automation.


Required Qualifications:

  • 8+ years working in an anti-abuse/anti-fraud/anti-cybercrime role AND/OR in a field that has transferrable skills, such as: cyber security operations/management, threat intelligence, security research, security engineering, etc.).
  • 5+ years of management experience, leading teams focused on cybercrime, cybersecurity, fraud, abuse, and/or security engineering
  • Deep experience working in scaled environments using extremely large data sets to answer complex and ambiguous questions
  • Experience in creating and improving process automation and tools/systems/API integration, using Python or PowerShell.
  • Skilled in both communicating to- and influencing- technical and non-technical audiences; ability to take highly ambiguous situations, achieve clarity, and align outcomes among many participants.
  • Understanding of adversary and cyber intel frameworks such as kill-chain model, ATT&CK framework, and/or Diamond Model.
  • Leadership role in driving protect, detect and/or respond efforts to common cybersecurity attack types and patterns, including: DDOS, Phishing, Ransomware, password attacks (brute force, spraying, cred stuffing), etc.

Preferred Qualifications:

  • Working knowledge of common security, encryption, and authentication protocols such as SAML or OAUTH.
  • Experience working in large-scale cloud products: Azure, Microsoft 365, or similar competitive products in the industry
  • Exposure to security-related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.
  • Previous experience performing development and code debugging with functional or object-oriented programming such as .NET or Java.
  • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
  • Hands-on experience with requirements definition, Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.
  • Ability to work effectively in ambiguous situations and create clarity for yourself, those around you, and leadership.
  • Comfortable working in a startup mode on a new team where there is lots of opportunity.
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are plus.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.