Director of Security at Microsoft
Redmond, Washington, United States
Full Time


Start Date

Immediate

Expiry Date

16 May, 26

Salary

274800.0

Posted On

15 Feb, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Posture Management, Infrastructure Security, Operational Security, Vulnerability Management, Configuration Management, Security Engineering, Program Management, Secure By Default, Continuous Monitoring, Risk Reduction, Security Assurance, Security Development Lifecycle, Security Baseline Design, Cloud Infrastructure Automation, Scripting, Azure

Industry

Software Development

Description
Overview

We are seeking an experienced operational and infrastructure security leader to manage the security posture of Microsoft AI’s production estate. This role is responsible for protecting some of Microsoft’s largest consumer services, including Bing, Copilot, Edge, MSN, and Microsoft Advertising, by driving secure-by-default infrastructure, rigorous operational security practices, and high-confidence vulnerability and configuration management at scale.

As the manager of the team, you will lead a group of security engineers and program managers who partner directly with product engineering, SRE, and platform teams. You will scale your expertise through them, ensuring that secure patterns, baselines, and controls are consistently implemented across diverse, high-volume systems. You will own the Infrastructure and Operational Security assurance functions and be accountable for continuous monitoring, risk reduction, and the overall security health of the division.

Why Join Us: Shape the security posture of Microsoft’s most widely used consumer products. Lead a team operating at the intersection of scale, complexity, and real-world impact. Work in a collaborative environment that values clarity, accountability, and technical excellence. Play a critical role in protecting Microsoft’s digital ecosystem and earning customer trust.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50-mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Responsibilities

Infrastructure and Operational Security Execution: Assist in the development and implementation of comprehensive security strategies aligned with the Secure Future Initiative (SFI) and beyond. Manage a team to deliver technical execution with engineering, set policy, and build tooling and automation to enforce Security by Default baselines within Microsoft AI environments. Identify opportunities to continuously improve controls and monitoring for Secure Operations. Lead direction on the assurance programs that align with Microsoft’s Security Development Lifecycle, evolving the existing programs in a more modern security direction.

Security Project Orchestration: Oversee large-scale security project rollouts across the organization. Coordinate with various teams to ensure seamless execution of security initiatives. You will own management of security baseline design and execution, providing direct technical support and advice to engineering, providing reporting and summaries to leadership, and generally delivering on projects to identify and mitigate security risks.

Cybersecurity and Operational Program: Adopt and oversee cybersecurity guidelines and standards, coordinate with compliance teams, and execute attestations. Ensure the adoption of Implementation Guidance issued through the Regulatory Governance program, as well as other compliance guidance, Council decisions, and applicable standards and controls, including oversight of and coordination with compliance teams, and execution of necessary attestations and related records.

Qualifications

Required: Bachelor's Degree AND 6+ years experience in engineering, product/technical program management, data analysis, or product development OR equivalent experience. 1+ years people management experience. Minimum of 6 years of experience in cybersecurity, with a focus on planning and execution of security assurance programs (application and operational).

Preferred: Bachelor's Degree AND 12+ years experience in engineering, product/technical program management, data analysis, or product development OR equivalent experience. Minimum of 8 years of experience in cybersecurity, with a focus on planning and execution of security assurance programs (application and operational). 3+ years of experience managing cross-functional and/or cross-team projects. Certified Information Systems Security Professional (CISSP) Certification, Security+ Certification, or relevant certification. Experience managing large-scale cybersecurity assurance and operational security programs, preferably including online service development. Experience with defining and tracking OKRs and KPIs to measure program performance. Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization. Experience with application security standards such as OWASP ASVS/Top 10, CWE 25. Experience with common security libraries, security controls, and common security flaws. Outstanding collaboration and partnership skills, with proven ability to drive results across teams. Coding skills in one or more general purpose scripting languages. Proven experience in establishing security baselines for infrastructure, identifying and mitigating operational security risk, and hands-on implementation, coding, scripting and automating Azure (or equivalent) cloud infrastructure and services.

#MicrosoftAI #Security #CyberSecurity #SecurityEngineering

Technical Program Management M5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Responsibilities
This role involves managing a team of security engineers and program managers to drive secure-by-default infrastructure and rigorous operational security practices across Microsoft AI's production estate, including major consumer services. The director will own Infrastructure and Operational Security assurance functions, focusing on continuous monitoring, risk reduction, and ensuring consistent implementation of secure patterns and controls.