Director of Security

You will own Application and Operational Security assurance and work directly with Engineering to implement and evolve the security posture of the organization and all of its products, including Consumer Copilot, Bing, MSN and Microsoft Advertising. The ideal candidate will have a deep understanding of the evolving threat landscape and a proven track record in implementing robust security measures. You will be a proven manager, capable of defining vision and executing technical security strategy through your leads and individual contributors.

You will be accountable for creating actionable guidance, secure baseline configuration and assist engineering teams in the deployment and ongoing management of a standard and secure infrastructure. You will ensure adequate resources and attention is dedicated to fixing vulnerabilities which expose the organization to increased risk of malicious activities.

Why Join Us:

• Be part of a team that is at the forefront of cybersecurity innovation. Own the strategy and vision for the security of large scale consumer products from Microsoft.
• Contribute to the protection of Microsoft’s digital ecosystem and earn the trust of our customers.
• Work in a dynamic and collaborative environment with opportunities for growth and development.
• If you are passionate about cybersecurity and have the expertise to drive strategic security initiatives, we encourage you to apply for this exciting opportunity.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required Qualifications:

• Bachelor's Degree AND 8+ years experience in product/service/project/program management or software development
  • OR equivalent experience.
• 4+ years people management experience.
• 6+ years of experience in cybersecurity, with a focus on planning and execution of security assurance programs (application and operational).
• 4+ years of experience in establishing security baselines for infrastructure, identifying and mitigating operational security risk
• 4+ years of experience with implementation, coding, scripting and automating Azure (or equivalent) cloud infrastructure and services.

Preferred Qualifications:

• Certified Information Systems Security Professional (CISSP) Certification, Security+ Certification, or relevant certification.
• Experience managing large scale cybersecurity assurance and operational security programs preferably including online service development.
• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.
• Experience with common security libraries, security controls, and common security flaws.

Product Management M5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until January 7, 2025. 

#MicrosoftAI

• Application and Operational Security Execution: Assist in the development and implementation of comprehensive security strategies aligned with the Secure Future Initiative (SFI) and beyond. Manage a team to deliver technical execution with engineering, set policy and build tooling and automation to enforce Security by Default baselines within Microsoft AI environments. Identify opportunities to continuously improve controls and monitoring for Secure Operations. Lead direction on the assurance programs that align with Microsoft’s Security Development Lifecycle, evolving the existing programs in a more modern security direction.
• Security Project Orchestration: Oversee large-scale security project rollouts across the organization. Coordinate with various teams to ensure seamless execution of security initiatives. You will own management of security baseline design and execution, providing direct technical support and advice to engineering, providing reporting and summaries to leadership and generally delivering on projects to identify and mitigate security risks.
• Cybersecurity and Operational Program: Adopt and oversee cybersecurity guidelines and standards, coordinate with compliance teams, and execute attestations. Ensuring the adoption of Implementation Guidance issued through the Regulatory Governance program, as well as other compliance guidance, Council decisions, and applicable standards and controls. Including oversight of and coordination with compliance teams, and execution of necessary attestations and related records.