
Cybersecurity Manager - Detection and Response

United Kingdom, Multiple Locations · Job Posted March 19, 2026

Job Description

Microsoft Incident Response – the Detection and Response Team (DART) – part of the Customer Experience & Success (CE&S) organization – is seeking a Cybersecurity Incident Response Manager to lead its global incident response team. DART is Microsoft’s elite cybersecurity task force, providing holistic incident response and investigation services to customers facing advanced cyber threats. In this role, you will manage and mentor a worldwide team of security engineers and responders, coordinate complex customer investigations, and drive the development of DART’s response capabilities in collaboration with other Microsoft security partners. You will operate in a fast-paced, dynamic environment, tackling sophisticated security incidents across cloud and on-premises environments on a daily basis.

Job Responsibility

  • People Management: Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring
  • Strategic Initiatives: Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner
  • Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers
  • Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape
  • Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques
  • Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements
  • Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats
  • Leverage input from Threat Intelligence team, including strategic, operational, and tactical intelligence to benefit containment and hardening of customer environments, while keeping knowledge and skills current with the rapidly changing threat landscape
  • Similarly, share threat data with threat intelligence and engineering teams and drive research of threat actors and threat activity
  • Interface closely with and influence security product owners
  • Drive the evolution of both proactive and reactive detection and investigation capabilities
  • Business Operations: Maintain a profitable business while developing a strategy for significant growth
  • Influence product direction through customer experience and feedback of product capabilities during crisis
  • Engage directly with customers as a member of the engagement team, providing leadership and oversight to ensure profitability, high customer satisfaction, and operational excellence
  • Ensure delivery alignment with sales, and prioritize capacity and readiness planning against demand
  • Serve as liaison between technical response and the business to minimize the impact of an incident to the customer
  • Maintain business operations: Deliver against metrics, KPIs and other leading delivery operational and health indicators for our business unit
  • Responsible for technical and executive level reports on incident response issues
  • Design, document, and implement detection and incident response processes, procedures, guidelines, and solutions
  • This involves operating and continually improving existing DART processes, as well as developing new processes in response to evolving threats and business requirements
  • Ability to apply entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands
  • Excellent time management, writing and communication skills
  • Participating in a follow-the-sun on-call rotation
  • Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Many years of people management and/or informal/indirect team leadership experience
  • Strong analytic, qualitative, and quantitative reasoning skills
  • Track record of successfully managing a technical business group and maintaining consistent growth
  • Recognized as a strategic leader who can hire, retain and motivate diverse quality talent
  • Experience leading both a services organization and product development function
  • Develop business strategy and provide technical thought leadership
  • Manage customer engagements escalations to ensure customer satisfaction
  • Advanced technical degree or equivalent experience
  • Expert understanding of security technology and implementation principles with a focus on the cyber threat landscape
  • Strong oral and written communication, organization and interpersonal skills
  • Knowledge of the legal and regulatory landscape related to security and privacy in an international environment
  • Executive presence, ability to influence senior IT and Global Risk leaders, CISO, CTO, CIOs
  • Experience leading a global cross-functional team
  • Experience with the following: opportunity identification, customer advocacy, conflict resolution, competitor intelligence, challenger mindset, business acumen and analysis, executive presence, strategic technical planning, technology industry knowledge, trusted technical advisor

Nice to have

  • Related work experience with some of the following is a distinct advantage: Demonstrated history of leading teams of Security threat hunting analysts, engineers and consultants to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases
  • Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance
  • Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures
  • Cloud SaaS and PaaS experience and an understanding of investigations in those environments and leveraging cloud for investigation scale
  • Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques
  • International consulting experience is a plus
  • Eligibility for a government security clearance is a plus


Similar Jobs for Cybersecurity Manager - Detection and Response (8 matching positions)

Cybersecurity Consultant - MDR (Managed Detection and Response)

NTT DATA is one of the world's largest global security service providers, partne...
Location: Romania, Sibiu
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice

Requirements
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity or related field
  • Minimum 5-7 years of experience in IT Cybersecurity
  • Proficient handling of specific tools like EDRs, SIEMs and network devices such as firewalls, IDS/IPS
  • Very good knowledge of Cloud Security solutions in Azure. Other Cloud variants can be a plus
  • Knowledge of security models, industry best practices and generally accepted information security principles
  • Hands-on experience with SIEM systems such as Microsoft Sentinel, Palo Alto XSIAM, Splunk and others is an advantage
  • Technical understanding of common Cloud IT systems such as EntraID, O365, AD, Exchange
  • Understanding of cybersecurity domains such as network security, EDR, anomaly detection
  • Understanding of MITRE ATT&CK Framework
  • Ability to perform network traffic analysis and design use cases based on the findings
Job Responsibility
  • Building strong, meaningful “trusted advisor” relationships with clients on behalf of NTT
  • Client-facing and internal communication
  • Support in optimizing detection, response, mitigation, and reporting of cybersecurity threats within customer environment
  • Develop and optimize detections and automations in Cybersecurity MDR (MS Sentinel) solutions
  • Design and improve Cybersecurity processes, procedures, and training programs aligned with organizational risk and industry standards
  • Act as Subject Matter Expert (SME) in Cybersecurity, with a strong operational focus on MDR solutions
  • Act as main Trusted Cybersecurity Advisor for one or more customers
  • Confer expertise in areas of Network/Perimeter/Cloud Security, SecOps, Threat Intelligence and Detection capabilities
  • Propose recommendations for enhancing the customer’s IT security posture and reducing identified risks
  • Staying updated with the latest security trends and technologies to adapt strategies accordingly
What we offer
  • Smooth integration and a supportive mentor
  • Pick your working style: choose from Remote, Hybrid or Office work opportunities
  • Our projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions or accredited Coaching School
  • Epic parties or themed events

Global Detection and Response Lead

We are seeking a Global Detection and Response Lead to own and scale OpenAI’s cy...
Location: United States, San Francisco
Salary: 347000.00 - 490000.00 USD / Year
Company: OpenAI
Expiration Date: Until further notice

Requirements
  • 10+ years in cybersecurity with deep expertise in detection engineering, incident response, and security operations
  • Active U.S. Government security clearance (Top Secret) or willingness and eligibility to obtain one
  • Mission-oriented, have unimpeachable integrity, and are passionate and motivated to detect and respond to adversaries in a highly complex, fast-paced environment
  • Deep experience building and leading detection and response, instrumentation/observability, and threat intelligence teams across a global footprint, including airgapped and sovereign environments
  • Stellar leadership skills, and a demonstrated history of driving durable, and continuous improvements to programs, processes, and people
  • Exceptional written and verbal communication skills, can remain calm under pressure, and can effectively run command of security incidents involving numerous stakeholders across a diverse gamut of teams, expertise, and seniority
  • Deep expertise in modern observability stacks (e.g., SIEM, data lakes, EDR, cloud telemetry, logging) and detection primitives
  • Understand modern adversary tradecraft (TTPs) and have demonstrated experience and expertise translating it into practical detection strategies and response actions
Job Responsibility
  • Oversee global detection and response operations, including continuous monitoring, triage, investigation, containment, and remediation of security events across a diverse set of networks and infrastructure
  • Lead, mentor, and directly manage several small teams of senior engineers across observability, detection and response, and threat intelligence
  • Hire and scale these functions deliberately and proportionately as OpenAI’s compute footprint and platform ambitions grow
  • Ensure world-class operational rigor and readiness through management of incident playbooks, on-call and escalation paths, tabletop exercises, and continuous improvement of response quality and speed
  • Improve detection quality and coverage by partnering with engineering teams to ensure critical telemetry is available, reliable, and actionable across cloud, corporate, and production environments
  • Deeply partner across all of OpenAI to evaluate and respond to emergent security concerns in a frontier AI lab environment, such as detection and response strategies for agents operating across infrastructure at scale
  • Build a world-class security program capable of withstanding tier-1 adversaries by maximally embracing our own models to solve frontier security problems
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime

Senior Detection and Response Engineer

The Senior Detection and Response Engineer is a critical technical role responsi...
Location: United States
Salary: 128000.00 - 161000.00 USD / Year
Company: AlphaSense
Expiration Date: Until further notice

Requirements
  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
  • Proven experience designing and implementing SOAR platform architecture from concept to production
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Job Responsibility
  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM, EDR, and Cloud platforms (AWS, GCP)
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation
  • Perform detection quality assessments and continuous improvement initiatives
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
What we offer
  • performance-based bonus
  • equity
  • a generous benefits program
  • Fulltime

Manager, Cybersecurity - Process and Analytics

This role is critical for protecting the organization’s digital assets and infra...
Location: United States, Overland Park; Frisco
Salary: 126800.00 - 228700.00 USD / Year
Company: T-Mobile
Expiration Date: Until further notice

Requirements
  • Bachelor's Degree plus 3 years of related work experience OR advanced degree with 1 year of related work experience OR combination of education and experience deemed equivalent
  • 4-7 years implementing and managing cybersecurity operations, SOC processes, and automation capabilities in a corporate environment
  • 3-7 years leading a team of cybersecurity professionals in a SOC or security operations environment
  • 4-7 years developing security analytics frameworks, dashboards, and SIEM/SOAR integrations to support data-driven security operations
  • At least 18 years of age
  • Legally authorized to work in the United States
Job Responsibility
  • Develops and implements cybersecurity operational processes and strategies, with a specific focus on building and standardizing processes that enable threat response teams to detect, investigate, and remediate incidents effectively
  • Leads a team of cybersecurity professionals in enabling SOC capabilities, monitoring security operations, and enhancing detection and response protocols
  • Drives SOC automation and AI integration initiatives to improve detection efficacy, response workflows, and operational efficiency across the security organization
  • Builds and maintains security analytics frameworks and reporting capabilities to enable data-driven decision-making, threat visibility, and SOC performance measurement
  • Leads and manages strategic cybersecurity projects, driving timelines, multi-functional collaborator alignment, and measurable security outcomes
  • Participates in the on-call incident response rotation, providing leadership, coordination, and escalation support during cybersecurity incidents outside of normal business hours
  • Also responsible for other duties/projects as assigned by business management as needed
What we offer
  • Annual stock grant
  • employee stock purchase plan
  • 401(k)
  • free money coaches
  • medical insurance
  • dental insurance
  • vision insurance
  • flexible spending account
  • paid time off
  • paid holidays
  • Fulltime

Vuln and Exposure Response Manager

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location: United Kingdom, Newbury
Salary: Not provided
Company: Vodafone
Expiration Date: Until further notice

Requirements
  • Proven experience in vulnerability investigation, incident response or threat-based testing
  • Practical experience of red teaming or purple teaming, including planning, scoping and translating findings into operational change
  • Strong investigative judgement and knowledge of attacker techniques across infrastructure, cloud and web applications
  • Ability to coordinate matrix teams and influence technical and business stakeholders globally
  • Clear communicator able to present technical findings as concise, risk-based recommendations
Job Responsibility
  • Lead high-impact investigations and remediation for critical vulnerabilities, and plan and govern red-team and purple-team exercises that materially reduce Vodafone’s external exposure
  • Lead investigations into critical vulnerabilities, responsible disclosures and detection gaps and decide on immediate containment actions where required
  • Plan, commission and govern red-team and purple-team exercises, including scoping, objective setting and selection of internal or external providers
  • Own the lifecycle of high-priority remediation notices, from drafting and prioritisation through to closure or documented risk acceptance
  • Translate investigative and adversarial findings into clear, actionable recommendations for process, people and technology, and drive these recommendations to completion with market and platform owners
  • Act as the single point of escalation for exposure-related issues and provide concise briefings to senior stakeholders on trends and required actions
What we offer
  • Yearly bonus: 10%
  • Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
  • Charity days: 5 days/year
  • Maternity leave: 52 weeks: the first 13 weeks are fully paid, followed by 26 weeks of half pay
  • Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%
  • Access to: private medical, private dental, free health assessments, share save scheme
  • Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Manager of Cybersecurity Engineering and Operations

We are looking for an experienced Manager of Cybersecurity Engineering and Opera...
Location: United States, Burlington
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice

Requirements
  • Bachelor’s degree in Computer Science, Information Security, or a related technical field
  • Advanced cybersecurity certifications such as CISSP, CISM, or equivalent
  • At least ten years of experience in technical cybersecurity roles, with a minimum of five years in enterprise-level environments
  • Proven expertise in forensic tools, investigations, and incident response processes
  • Strong knowledge of security practices, including SIEM, application security, and network security
  • Experience with vulnerability assessment tools and automated penetration testing
  • Effective leadership and communication skills to manage cross-functional coordination and team development
  • Ability to stay updated on emerging cybersecurity threats and technologies
Job Responsibility
  • Lead cybersecurity operations, including threat detection, incident response, and escalation, ensuring adherence to established protocols and runbooks
  • Oversee the design, operation, and optimization of core security platforms and tools, including vulnerability management, firewalls, cloud security, and identity protection systems
  • Collaborate with cross-functional teams, such as infrastructure, application, and DevOps, to integrate security measures into workflows and ensure alignment with organizational priorities
  • Manage vendor relationships and external service providers to effectively investigate, remediate, and document security incidents
  • Analyze incident trends and operational gaps to drive continuous improvement in detection, response, and automation capabilities
  • Coordinate vulnerability identification and remediation efforts in partnership with relevant teams to mitigate risks
  • Facilitate periodic security exercises, including tabletop simulations and red/blue team evaluations, to strengthen incident response readiness
  • Develop and maintain comprehensive documentation of security processes, incidents, and operational standards
  • Mentor and guide team members, fostering attention to detail in development and promoting a culture of accountability within the cybersecurity team
  • Ensure security systems and processes adapt to emerging threats and evolving business risks
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan

Cybersecurity Manager

Hunter Douglas is the world’s leading manufacturer of window coverings and a maj...
Location: United States, Broomfield
Salary: 144000.00 - 196000.00 USD / Year
Company: Hunter Douglas
Expiration Date: Until further notice

Requirements
  • Bachelor’s degree or equivalent in related field
  • Minimum of 5 years’ experience in Information Security Management
  • CISSP, CISM, or GSEC Security Certification required
  • Expert knowledge of security best practices (encryption, data protection, design, privileged access, etc.)
  • Solid knowledge and experience with managing and implementing standard security technologies (DLP, MDM, SIEM, AV, IDS)
  • Solid knowledge and experience with file management tools and can drive data owner entitlement review processes
  • Solid knowledge in compliance management and certification (PCI, GDPR, CCPA)
  • Basic knowledge of network technologies (protocols, design concepts, access control)
  • Demonstrated excellent written and verbal communication skills
  • Solid knowledge and proficiency in planning, reporting, establishing goals and objectives, standards, priorities, and schedules
Job Responsibility
  • Monitor Hunter Douglas Cybersecurity tools, systems, and processes, including logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, patch management, vulnerability scanning technologies, etc.
  • Manage security analysts and third-party analyst services to ensure a thorough investigation of all detections and coordinate response activities
  • Investigate alerts in accordance with documented processes and manage incidents in accordance with the Hunter Douglas Incident Response plan
  • Partner with or oversee Cybersecurity Engineers, IT infrastructure, and IT operations teams to help identify gaps, strengthen security controls, and integrate them with IT operations practices
  • Develop and maintain Cybersecurity documentation as appropriate for deployed tools, playbooks, and joint ownership of the Incident Response plan
  • Participate in tabletop and other simulation exercises to practice and improve response capabilities
  • Participate in annual compliance certification and all related controls and documentation management as required
  • Partner with the training and professional development staff to promote security awareness among the user community
  • Review, recommend, and participate in requirements-gathering and operations handoffs for Cybersecurity deployments and projects
  • Identify, collect, analyze, interpret, and assist with reporting Cybersecurity metrics
What we offer
  • Generous benefits package including medical, dental, vision, life, disability
  • A company culture that prioritizes internal development and professional growth
  • Time off with pay
  • 401(k) plan with a degree of employer matching
  • Paid parental leave
  • Wellness programs and product discounts
  • Fulltime

Cybersecurity Manager

We are looking for an experienced IT Security Manager to lead enterprise-wide ef...
Location: United States, Cleveland
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice

Requirements
  • 7+ years of experience in information security, cyber security, or enterprise security leadership roles
  • Strong knowledge of application security, network security, and enterprise-wide security frameworks
  • Hands-on experience with SIEM platforms, incident response practices, and security monitoring operations
  • Background in audit, compliance, and risk management within a structured business environment
  • Demonstrated ability to lead cross-functional initiatives and influence stakeholders without direct supervisory authority
  • Certification such as CISSP, SSCP, or similar
  • Proven experience developing and validating disaster recovery and business continuity programs
Job Responsibility
  • Lead the organization's information and physical security program, establishing practical safeguards that support business objectives
  • Direct risk assessment activities and security reviews to identify vulnerabilities, evaluate exposure, and recommend mitigation strategies
  • Oversee asset audit processes to improve visibility into technology resources, security controls, and compliance status across the enterprise
  • Develop, maintain, and regularly test disaster recovery and business continuity plans to strengthen operational resilience
  • Create, implement, and enforce security policies, standards, and procedures that align with regulatory and organizational requirements
  • Partner with technical and business teams to drive security initiatives, influence decision-making, and build accountability across functions
  • Monitor security operations and incident trends, using SIEM and related tools to support threat detection, response, and continuous improvement
  • Manage security priorities within budget, timeline, and performance expectations while advancing the overall security roadmap
What we offer
  • Medical
  • Vision
  • Dental
  • Life and disability insurance
  • 401(k) plan
  • Free online training
  • Fulltime