• The Cybersecurity Operations Analyst is responsible for assisting in the design and implementation of cybersecurity controls. • Monitor systems by correlating logs for security events and provide alerts for potential incidents. • Maintain up-to-date knowledge of emerging threats. • Provides Tier 1 support for SOC activities, including incident response, forensics, and reporting. • Collaborate with the Cybersecurity Operations team to maintain robust security practices.

Overview The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.Security represents a critical priority for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a secure cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.Aligning with Microsoft's mission and the focus of the Microsoft Security organization, this role is an integral part of a larger team dedicated to delivering world-class security operations that contain and evict threat actor activities. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Responsibilities - Coordinates with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors for any security incident impacting any of Microsoft’s products or services. - Conducts hands-on mitigation where possible; engages service owners when there is a risk of a production outage . - Maintains hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams. - Briefs executive stakeholders on eviction plans and associated status. - Maintains and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities. - Define and prioritize requirements and use cases for Microsoft’s threat actor eviction platform; operationalize as they are delivered. - Drives strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features). Qualifications - 10+ years of hands-on experience working in cybersecurity incident response. - Hands-on experience with incident response in Azure or Microsoft 365. - Proficient with Kusto data query languages. - Ability to work under pressure, structure unstructured problems and provide clarity where ambiguity exists. - Ability to operate with autonomy, influence others, and a bias for action. Bachelor's or Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response. Preferred Qualifications: 10+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response OR equivalent experience. Other Requirements  Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Overview Senior Operations Manager, Cross‑Org Security Operating Model & Partnerships The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. Aligning with Microsoft's mission and the focus of the Microsoft Security organization, this role is an integral part of a larger team dedicated to delivering world-class security operations that contain and evict threat actor activities. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Role Summary The Senior Operations Manager, Cross‑Org Security Operating Model & Partnerships, is accountable for clarifying and operationalizing the interfaces between Cyber Defense Operations (CDO) organizations and the broader ecosystem of stakeholders across the CISO organization and adjacent partner teams. The role is the single-threaded owner for a portfolio of cross‑functional relationships and programs, ensuring they are executed with clear operating models, decision rights, escalation paths, and engagement norms—especially at “incident pace,” where ambiguity creates risk. This role ensures that cross-company work does not degrade into ad‑hoc “who owns what” debates but instead follows defined constructs that distinguish security risk ownership from operational execution, with measurable outcomes and durable governance. CDO/Ops Hub and partner organizations often move at different speeds, with different mandates, which can lead to unclear handoffs, role confusion, and slower response—particularly during high-severity incidents and complex cross-org programs.This role exists to eliminate ambiguity by translating “RACI on paper” into lived, repeatable operating behavior, and by upgrading partner engagement structures, so coordination is predictable and fast. This role partners across: - CDO/Ops Hub functions that coordinate incident response and enforce cross-company process/routing. - CISO organization stakeholders involved in incident response, decision-making, and governance constructs. - Post‑incident review and process partners where handoffs and ownership must be explicit. - Engineering/Product/Compliance partners involved in risk and remediation execution models (operating model emphasis on common language, responsibility clarity). Core Deliverables: - Cross‑Org Operating Model Playbook: clear scope, decision rights, RACI, escalation paths, engagement norms. - Partner Engagement Plans for priority stakeholders: cadence, artifacts, shared tooling, and issue-resolution mechanisms. - Handoff Contracts / Interface Maps: explicit “start/stop” responsibility boundaries for key workflows (incidents, PIRs, audit requests, comms, etc.). - Executive‑Ready Briefs: decision memos and status updates grounded in defined constructs and measurable outcomes. Success Measures: Measured outcomes should reflect clarity, speed, and reduced friction, such as: - Partner teams can articulate where responsibility starts/stops, and incidents execute with fewer ownership disputes. - Reduction in partner confusion flagged as a blocker during high‑severity incidents (tracked through partner relationship upgrade metrics). - Improved consistency and predictability of cross‑org handoffs (e.g., PIR ownership clarity, documentation standardization, streamlined handoff process). - Increased adoption of standard engagement frameworks (fewer side channels; better planning/lead time discipline). Responsibilities Key Responsibilities: 1) Operating Model Ownership: Define “Who Owns What” (and Make It Real) - Define and maintain clear ownership boundaries and “handoff contracts” across teams (e.g., what CDO/Ops Hub owns vs. what partner orgs own). - Translate abstract RACI into operational execution behaviors under pressure (e.g., incident declaration, response strategy, comms lanes, escalation). - Ensure operating models distinguish security risk ownership from execution, reducing duplication and conflicting authority. 2) Partner Relationship “Portfolio” Management (Business + Security Stakeholders) - Build and run a structured portfolio of partner relationships, including engagement plans, shared artifacts, and regular sync mechanisms (“infrastructure to support collaboration”). - Drive targeted relationship upgrades with prioritized partners to reduce confusion during incidents and cross-org execution. - Establish predictable engagement pathways (intake, routing, escalation) so teams know how to work together without side-channeling. 3) Cross‑Functional Program Delivery with Clarity and Governance - Own the governance layer for cross-org programs: program charters, RACI, decision logs, escalation routes, and “definition of done” criteria. - Ensure partner dependencies and obligations (audit, compliance, PIR handoffs, etc.) are executed through defined constructs—not ad‑hoc heroics. 4) Incident‑Pace Interface Clarity (Especially for Executive + Crisis Moments) - Ensure the right roles engage at the right time (e.g., Incident Coordinator vs. dCISO vs. CISO vs. business leaders) and that escalation paths remain unambiguous. - Reduce friction by clarifying comms lanes and decision ownership during incidents (including executive communication expectations and “who speaks for whom”). 5) Continuous Improvement of Handoffs, Procedures, and “Seams” - Own improvements to the core procedures governing handoffs and interaction points between CDO and partner teams (including engagement “rolodex” patterns). - Use partner feedback and retrospectives to systematically reduce recurring confusion, delays, and duplicated effort. 6) Executive Readouts & Decision Support - Translate complex operational realities into clear executive decision points, tradeoffs, and recommendations. - Provide crisp, cross‑org narratives on what is working, where ownership is breaking down, and what must change to reduce risk and accelerate outcomes. Qualifications Required Qualifications: - Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response - OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response - OR equivalent experience. Other Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: - Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. Preferred Qualifications: - Experience operating in incident response / cyber defense environments where “incident pace” and role clarity are essential. - Experience working with security governance models that distinguish risk ownership from execution, and managing the seams between them. - Demonstrated experience designing and operationalizing cross‑org operating models, including RACI, decision rights, escalation, and governance forums. - Proven ability to run a portfolio of stakeholder relationships and drive structured collaboration frameworks that reduce friction. - Strong executive communication: ability to synthesize ambiguity into crisp narratives and decision points. Operational rigor and systems thinking (service rhythms, governance patterns, repeatable processes). Security Operations Engineering IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Company Description Who we are Moveworks is the Agentic AI Assistant platform that empowers the entire workforce. Our platform enables employees to converse with all of their business systems through natural language to quickly find answers and automate tasks. Powered by the world's most advanced LLMs, our proprietary models, and a sophisticated Agentic AI platform, we're transforming how work gets done by allowing AI to take initiative, streamline complex workflows, and continuously learn and adapt. Moveworks is trusted by over 5.5 million employees at more than 350 of the world’s largest companies, including 10% of the Fortune 500, to automate everyday tasks and streamline business operations. Recognized on the Forbes Cloud 100 and AI 50 lists, Moveworks was also named one of Fast Company’s 2025 Most Innovative Companies and Inc’s Best in Business, in the Best in Innovation category. Moveworks was also recognized at Microsoft’s 2025 Partner of the Year and in 2024, received the AI Breakthrough Award. In December 2025, Moveworks was acquired by ServiceNow, marking a pivotal milestone in our journey to create a single front door to work for all business systems. By combining ServiceNow’s leading workflow automation with Moveworks’ Reasoning Engine and natural language capabilities, we deliver the AI platform for every person and every workflow. Built to go beyond basic summaries to deliver meaningful business impact. Together, our AI acts across enterprise systems to turn conversations into completed work. By joining our team, you’ll be at the forefront of the AI transformation, backed by the global scale of ServiceNow and the agility of a high-growth company. We are looking for world-class talent to help us extend agentic AI to every employee across every corner of the business. Come join us! ServiceNow It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone. Job Description The Moveworks Security team at ServiceNow is not looking for a traditional SOC analyst to watch a dashboard. We are looking for a Security Automation Disruptor. Your goal is to automate the SOC out of existence. As a member of our Blue Team, you will treat the incident response lifecycle as an engineering problem—designing, building, and deploying autonomous workflows that handle detection, triage, and remediation at machine speed. You will be at the intersection of core Security Operations and AI-driven defense. What you get to do in this role: - E2E IR Automation: Design and implement end-to-end automation for the IR lifecycle (Detection -> Triage -> Containment -> Recovery). - Detection Engineering: Build and tune high-fidelity detections in our SIEM, EDR, and AI SOC platforms - AI-Driven Ops: Leverage LLMs, Prompt Engineering, and MCP (Model Context Protocol) servers to build "Agentic" security workflows that scale our defensive capabilities. - Purple Teaming: Detect and disrupt our internal red team. You will work closely with the Red team to detect their attacks, disrupt their attack path, and close vulnerabilities. - Validate the Defense: Don’t just build it—prove it works. Design and execute automated tests to validate that our detections and playbooks actually fire when they should. - Decide with Data: Be data driven, when faced with difficult or complex decisions, you quickly gather data to make informed decisions - Incident Response: Support active incidents as an incident responder, using each event as data to build better future automation. Qualifications To be successful in this role you have: - U.S. Citizenship required - The Mindset: You hate manual work. You see a repetitive task and immediately think about how to write a script or build an Agent to do it for you. - Technical Foundation: 1–5 years of experience in Security Operations or Security Engineering. - Automation Fluency: Proficiency in Python. You should be comfortable working with APIs, webhooks, and version control systems (Git). - AI Native: You don't just use ChatGPT; you understand Prompt Engineering, how to connect MCP servers, and how to integrate LLMs into technical workflows. - Cloud Proficiency: Hands-on experience with AWS (IAM, CloudTrail, GuardDuty). Experience with Kubernetes (EKS) is a major plus. - FedRAMP Readiness: While you are an engineer first, you have the soft skills to interpret control frameworks while understanding how to generate and present evidence to ensure we are in compliance. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license. - Employee Type: Regular - Region: AMS - North America and Canada - Work Persona: Flexible or Remote