Resilience Lead

Microsoft's Detection and Response Team (DART) is seeking a skilled and highly organized Senior Resilience Lead to design, develop, and maintain proactive offerings that increase our customers' security cyber resilience in the face of evolving threats. This role combines deep technical expertise with development of security-focused offerings, as well as leadership and collaboration across global teams. You'll be part of a globally distributed, mission-driven team that responds to some of the most complex and high-impact cybersecurity incidents in the world. You'll work alongside experts in threat hunting, reverse engineering, infrastructure containment and recovery, helping to shape the future of Microsoft's incident response capabilities. Join a world-class security team dedicated to helping organizations stay ahead of cyber threats. As a Senior Resilience Lead, you'll design and deliver cutting‑edge resilience and incident response offerings that empower customers to anticipate, withstand, and recover from attacks. This is a role for someone passionate about proactive security, innovation, and customer success. Additionally, as a Resilience Lead you will also oversee customer relationships, ensuring that delivery processes align with business objectives and maintaining high standards of service delivery. This role is for professionals who not only excel in technical acumen and are passionate about cybersecurity, but also demonstrate robust capabilities in engaging with clients and want to make a global impact by helping organizations improve their cybersecurity resilience. Should you possess the requisite skills and feel prepared to embrace this opportunity, we would be eager to review your candidacy. Up to 75 % travel to deliver onsite with customers may be required.

• Lead proactive security initiatives – develop and launch advanced resilience programs, readiness assessments, and threat modeling engagements.
• Drive continuous improvement and measurable risk reduction.
• Elevate incident response readiness – deliver tabletop exercises, cyber range simulations, and playbook development to prepare customers for real‑world threats.
• Align offerings with global best practices and compliance standards.
• Inspire and collaborate with a high‑performing team – engage with peers and internal partners for development and delivery, mentor security professionals, foster growth, and maintain a culture of collaboration and excellence.
• Ensure operational rigor and quality across all engagements.
• Be a trusted advisor – engage directly with enterprise customers and executive stakeholders, translate technical insights into actionable strategies that strengthen resilience.
• Collaborate across the ecosystem – partner with delivery, analyst, engineering, threat intelligence, and operations teams to enhance service capabilities.
• Influence offerings roadmaps through customer feedback and field insights.

• Master’s Degree in Statistics, Mathematics, Computer Science, or a related field OR extensive experience in the software development lifecycle, large‑scale computing, modeling, cybersecurity, and/or anomaly detection.
• Ability to travel extensively (up to 75 %) to deliver onsite with customers.
• Minimum of several years of experience in the development and delivery of workshops and tabletop exercises.
• Ability to meet Microsoft, customer, and/or government security screening requirements (Microsoft Cloud Background Check, etc.).
• Several years of professional experience in areas such as project management, operations, process enhancement, cybersecurity, or related sectors.
• Effective interpersonal and communication abilities conducive to productive collaboration within diverse team structures.
• Proactive approach in initiating actions and advocating for improvements to establish more streamlined and effective development and delivery processes.
• Familiarity with project management methodologies, cloud security experience in hybrid environments, and expertise in frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
• Certifications such as CISSP, CISM, or GIAC (GCIH, GCFA).
• Desire to seek a clearance if not already in possession of one.