Physical Security Engineering Manager in London

Overview

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Microsoft’s Cloud Operations & Innovation (CO+I) is the engine that powers our cloud services. As a Physical Security Engineering Manager, you will lead a regional team in the Security Systems Critical Infrastructure (SSCI) team responsible for managing security systems for Microsoft datacenters. The SSCI team is responsible for delivering and sustaining physical security infrastructure and foundational technologies for Microsoft's online services including Bing, Office 365, Xbox, OneDrive, and the Microsoft Azure platform. This includes managing the health of physical security systems across a portfolio of locations through break/fix operations, participating in on-call DRI rotation to provide support, ensuring that systems and hardware are configured in alignment with baseline standards, driving program improvements in partnership with other teams, and enabling the delivery of new datacenter capacity through programming access control and video systems. This is a high visibility position in an area of large and expanding investment for Microsoft and offers a terrific opportunity for technical and career growth. We are focused on the personal and professional development for all employees and offer trainings and growth opportunities including Career Rotation Programs, Diversity & Inclusion trainings and events, and professional certifications.

Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our foundation is built upon and managed by a team of subject matter experts working to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide. With environmental sustainability and optimization at the forefront of our datacenter design and operations, we continue to grow and evolve as we meet the ever-changing business demands that hold Microsoft as a world-class cloud provider. Do you want to empower billions across the world? Come and join us in CO+I and be at the forefront of the action!

Responsibilities

• People Management: Deliver success through empowerment and accountability by modeling, coaching, and caring. Drive positive collaboration across teams by promoting the open exchange of information, resolving issues within and beyond your immediate team, managing conflict and teamwork challenges, and removing barriers to enable teams to quickly shift priorities without losing productivity.
• Automation: Leads team in defining and architecting automation to improve effectiveness and efficiencies of security operations, resolving issues with new processes as needed. Coaches others on the development and/or implementation of automated and artificial intelligence (AI) solutions that minimize and/or resolve incidents. Supports security automation and tooling initiatives and the integration of security checks into CI/CD pipelines. Coordinates the utilization of automation and AI to prioritize and drive improvements to organizational strategy, processes, products, services, and solutions. Facilitates team adoption of automation and AI around security. Encourages team to contribute to intellectual property (e.g., bugs, missing features) for products, services, and solutions.
• Customer/Partner Experience: Guides team to identify and anticipate customer and partner requirements and needs to drive satisfaction and experience. Reviews metrics to identify trends and resolve gaps in customer and partner satisfaction and experience. Coordinates across team to drive improvements in customer and partner experience and share best practices.
• Customer/Partner Results: Mentors team on developing partnerships with internal and external stakeholders to identify and push solutions to the environment to address threats. Manages the execution of service level agreement (SLAs) and ensures all requirements are reached when addressing threats. Integrates organizational strategy to ensure alignment with contractual requirements when addressing incidents. Guides team to identify and define new feature sets and/or solutions to address issues and prevent reoccurrence.
• Data-Driven Analysis: Oversees analysis and integration of key metrics, key performance indicators (KPIs), and other data sources (e.g., bugs, unhealthy data pipeline) to identify trends in security issues. Executes organizational strategies related to the identification of data requirements and gaps in measurement and suggests mitigation strategies to close gaps. Promotes best practices around the prioritization of findings and drives resolution of priority issues. Coordinates the evaluation of current and emerging analytical technologies and tools and distributes feedback across team to drive adoption and usage.
• Identification and Detection of Control Failures: Guides team on scaling solutions or programs to address identified control issues (e.g., network, identity, applications), current threats, and proactively mitigates future threats. Encourages team to consider ways to integrate security architecture principles like least privilege and zero trust during system design to preclude vulnerabilities. Coaches team on evaluating and articulating risk(s) within products, services, or environments. Ensures team applies threat modeling and continuous risk assessments to identify potential vulnerabilities and mitigations to address these risks. Identifies and prioritizes high-impact opportunities and coaches team to create solutions or tools that enhance efficiencies and improve security posture (e.g., streamline processes, automate). Ensures adherence to strategies and processes around compliance programs (e.g., HIPAA). Serves as a resource on translating security controls and policies to resolve incidents or implement security mitigation plans.
• Industry Expertise: Promotes knowledge-sharing sessions, workshops, and participation in external security events to build expertise and industry presence. Encourages team to participate in Microsoft Community (e.g., Strike) and external events. Implements organizational cybersecurity knowledge-sharing processes across non-cybersecurity teams (e.g., software development) to facilitate safe product building and maintenance. Executes organizational strategy for identifying sector-specific threats and implementing existing compliance frameworks that align with broader security frameworks. Encourages use of information sharing and collaboration platforms like ITISAC or HISAC or attending global bootcamps (e.g., Blackhat, Bluehat).
• Monitoring and Detection: Coaches team to use hunting queries and capabilities to detect issues and irregularities (e.g., false positives, noise) in environment. Facilitates partnerships across teams to research new attacks and identify opportunities to build new detection capabilities. Trains team to evaluate, prioritize, and address potential or actual intrusions. Coordinates the development of automation to improve detection and response capabilities aligned with risk, threat models, or regulatory needs within the security community. Encourages partnerships across teams to enable standardization and alignment across technical practices and security frameworks. Supports team to build and document use cases with regards to monitoring and detection. Manages adoption of comprehensive monitoring strategies to ensure capabilities are deployed and functioning correctly (e.g., health, completeness). Reviews coverage mapping of use cases with security industry frameworks (e.g., MITRE, National Institute of Standards and Technology (NIST)). Encourages team to identify new telemetry/data sources for identifying threats and attack patterns.
• Security Incident Response: Actively encourages team members to adopt a security-first mindset, and provides technical guidance on complex security issues. Guides analysis of attempted or successful efforts to compromise systems security. Serves as an escalation point for team and implements response plans and mitigation steps to resolve security incidents, escalating when necessary. Distributes guidance to limit exposures and address new or nuanced security issues. Maintains communication channels with stakeholders and leaders to facilitate handling of security incidents. Monitors team adherence to best practices around postmortem analysis to identify opportunities to drive continuous improvement and operational excellence. Ensures team conducts design reviews and threat simulations to improve system robustness and resilience. Reviews security incident response processes and procedures to create and share security incident playbook. Trains team members on triage, analysis, and prioritization. Acts as an escalation point for security incidents, collaborating with incident response teams to investigate, remediate, and improve system resilience.
• Threat Intelligence and Analysis: Guides the analysis of threat trends in the industry and leads the prioritization of detections and signatures for defense capabilities. Coaches team on influencing customers and partners to enhance security posture. Leads the integration of intelligence from internal and external sources (e.g., open source intelligence (OSINT) platforms) into existing security operations center (SOC) solutions. Oversees documentation processes to ensure comprehensive security information and event management (SIEM) systems.
• Translate Security Policy and Standards into Effective Controls: Facilitates the continuous improvement of organizational strategy regarding security policy and standards across teams and services. Leads the evaluation of security policy and standards to identify and mitigate gaps through improvements and new controls. Maintains and communicates comprehensive security policy and standards. Serves as a resource across teams (e.g., business partners, peers, industry) on security policies and standards.
• Other: Embody our culture and values.

Qualifications

Required / Minimum Qualifications: Bachelor's or Master's Degree in Statistics, Mathematics, Computer Science, or related field or equivalent experience. Several years of experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.

Background Check Requirements: Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional / Preferred Qualifications: Doctorate in Statistics, Mathematics, Computer Science, or related field AND several years of experience in physical security infrastructure delivery and lifecycle, threat modeling, cyber security, or anomaly detection. Several years of people management and/or informal/indirect team leadership experience. Several years of experience leading a security function (e.g., Security Operations Center (SOC), threat and vulnerability management (TVM)). Several years of experience leading multi-disciplinary team. Lenel Certification, Milestone Certification, CISSP, CISA, CISM, SANS, OSCP, Security+.

The typical base pay range for this role across United Kingdom is £74,700.00 - £112,100.00 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.