Telemetry Operations Leader

Microsoft

About The Position

Telemetry Operations Leader The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. Aligning with Microsoft's mission and the focus of the Microsoft Security organization, this role is an integral part of a larger team dedicated to delivering world-class security operations that contain and evict threat actor activities. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. ROLE OVERVIEW: The Telemetry Operations Leader drives the operational backbone of the Telemetry Enforcement function, ensuring Microsoft’s cyber defense ecosystem has timely, accurate, reliable, and predictable telemetry to support investigations, incident response, detection engineering, and threat hunting. This role stewards the “telemetry services factory”: intake, prioritization, access brokering, dataset curation, operational inspection, and continuous improvement. This leader establishes the operational rhythms, SLAs/SLOs, governance patterns, and monitoring frameworks that enable high-scale throughput while ensuring consistent quality, transparency, and stakeholder alignment across CDO, Security Operations, Data Engineering, Platform teams, and partner organizations. Success is measured by improvements in cycle time, reliability, adherence to SLAs, clarity of access pathways, reduction of operational friction, and measurable uplift in analyst, investigator, and detection engineer productivity.

Requirements

Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR equivalent experience.
Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role.
These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

Experience operating in incident response / cyber defense environments where “incident pace” and role clarity are essential.
Experience working with security governance models that distinguish risk ownership from execution, and managing the seams between them
Demonstrated experience designing and operationalizing cross‑org operating models, including RACI, decision rights, escalation, and governance forums.
Proven ability to run a portfolio of stakeholder relationships and drive structured collaboration frameworks that reduce friction.
Strong executive communication: ability to synthesize ambiguity into crisp narratives and decision points. Operational rigor and systems thinking (service rhythms, governance patterns, repeatable processes).