Director of Security

We are seeking an experienced operational and infrastructure security leader to manage the security posture of Microsoft AI’s production estate. This role is responsible for protecting some of Microsoft’s largest consumer services, including Bing, Copilot, Edge, MSN, and Microsoft Advertising, by driving secure-by-default infrastructure, rigorous operational security practices, and high-confidence vulnerability and configuration management at scale.

As the manager of the team, you will lead a group of security engineers and program managers who partner directly with product engineering, SRE, and platform teams. You will scale your expertise through them, ensuring that secure patterns, baselines, and controls are consistently implemented across diverse, high-volume systems. You will own the Infrastructure and Operational Security assurance functions and be accountable for continuous monitoring, risk reduction, and the overall security health of the division.

Why Join Us:

• Shape the security posture of Microsoft’s most widely used consumer products.
• Lead a team operating at the intersection of scale, complexity, and real-world impact.
• Work in a collaborative environment that values clarity, accountability, and technical excellence.
• Play a critical role in protecting Microsoft’s digital ecosystem and earning customer trust.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.  

Starting January 26, 2026, Microsoft AI (MAI) employees who live within a 50- mile commute of a designated Microsoft office in the U.S. or 25-mile commute of a non-U.S., country-specific location are expected to work from the office at least four days per week. This expectation is subject to local law and may vary by jurisdiction.

Responsibilities

• Infrastructure and Operational Security Execution: Assist in the development and implementation of comprehensive security strategies aligned with the Secure Future Initiative (SFI) and beyond. Manage a team to deliver technical execution with engineering, set policy and build tooling and automation to enforce Security by Default baselines within Microsoft AI environments. Identify opportunities to continuously improve controls and monitoring for Secure Operations. Lead direction on the assurance programs that align with Microsoft’s Security Development Lifecycle, evolving the existing programs in a more modern security direction.
• Security Project Orchestration: Oversee large-scale security project rollouts across the organization. Coordinate with various teams to ensure seamless execution of security initiatives. You will own management of security baseline design and execution, providing direct technical support and advice to engineering, providing reporting and summaries to leadership and generally delivering on projects to identify and mitigate security risks.
• Cybersecurity and Operational Program: Adopt and oversee cybersecurity guidelines and standards, coordinate with compliance teams, and execute attestations. Ensuring the adoption of Implementation Guidance issued through the Regulatory Governance program, as well as other compliance guidance, Council decisions, and applicable standards and controls. Including oversight of and coordination with compliance teams, and execution of necessary attestations and related records.

Qualifications

Required:

• Bachelors Degree AND 6+ years experience in engineering, product/technical program management, data analysis, or product development
  • OR equivalent experience.
• 1+ years people management experience.
• Minimum of 6 years of experience in cybersecurity, with a focus on planning and execution of security assurance programs (application and operational).

Preferred:

• Bachelors Degree AND 12+ years experience engineering, product/technical program management, data analysis, or product development
  • OR equivalent experience.
• Minimum of 8 years of experience in cybersecurity, with a focus on planning and execution of security assurance programs (application and operational).
• 3+ years of experience managing cross-functional and/or cross-team projects.
• Certified Information Systems Security Professional (CISSP) Certification, Security+ Certification, or relevant certification. 
• Experience managing large scale cybersecurity assurance and operational security programs preferably including online service development.
• Experience with defining and tracking OKRs and KPIs to measure program performance.
• Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization.
• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25. 
• Experience with common security libraries, security controls, and common security flaws.  
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams. 
• Coding skills in one or more general purpose scripting languages.
• Proven experience in establishing security baselines for infrastructure, identifying and mitigating operational security risk and hands on implementation, coding, scripting and automating Azure (or equivalent) cloud infrastructure and services.

#MicrosoftAI #Security #CyberSecurity #SecurityEngineering

Technical Program Management M5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.