Senior Cyber Range Operations Lead

Job description

With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture.

We drive cross-company alignment and execution, ensuring that we consistently exceed customers’ expectations in every interaction, whether in-product, digital, or human-centered.

CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft’s portfolio of solutions and products.

Join CE&S and help us accelerate AI transformation for our customers and the world.

The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovation solutions that accelerate business value, drive operational excellence and nurture long term loyalty.

Microsoft’s Detection and Response Team (DART) is seeking a skilled and highly organized Senior Cyber Range Operations Lead to design, develop, and maintain proactive offerings that increase our customer’s cybersecurity resilience in the face of evolving threats.

This role combines deep technical expertise with security-focused offerings, development, leadership, and collaboration across global teams.

You will be part of a globally distributed, mission-driven team that responds to some of the most complex and high-impact cybersecurity incidents in the world.

You will work alongside experts in threat hunting, reverse engineering, infrastructure containment and recovery, and help shape the future of Microsoft’s incident response capabilities.

Join a world-class security team dedicated to helping organizations stay ahead of cyber threats.

As a Senior Cyber Range Operations Lead you will design and deliver cutting-edge resilience and incident response exercises that empower customers to anticipate, withstand, and recover from attacks.

This is a role for someone passionate about proactive security, innovation, and customer success.

Additionally, the Senior Cyber Range Operations Lead will also oversee customer relationships and support tailoring practical scenarios to those customers, ensuring that delivery processes align with business objectives and maintaining high standards of service delivery.

This role is for a professional who not only excels in technical acumen, but is passionate about cybersecurity.

The candidate should also demonstrate robust capabilities in engaging with clients and be driven to make a global impact by helping organizations improve their cybersecurity resilience.

Should you possess the requisite skills and feel prepared to embrace this opportunity, we would be eager to review your candidacy.

This role is flexible in that you can work up to 100% from home however up to 75% travel to deliver onsite with customers may be required.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more.

As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals.

Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

**Responsibilities**

+ **Cyber Range Development:**

+ Architect and build cyber ranges that replicate enterprise environments, including networks, endpoints, cloud services, and critical infrastructure.
+ Integrate threat emulation frameworks and automation tools for realistic attack simulations.
+ Ensure ranges support multi-scenario exercises (e.g., ransomware, supply chain compromise, insider threats).
+ Design and implement cyber ranges that replicate enterprise-scale environments, including hybrid cloud, identity systems, and critical infrastructure.
+ Integrate threat emulation frameworks and automation for repeatable, high-fidelity attack simulations.
+ Ensure ranges support multi-scenario exercises aligned with current threat intelligence and Microsoft security priorities.

+ **Red Team Exercise Design & Execution:**

+ Collaborate with White Team and Blue Team stakeholders to define objectives, scope, and success metrics.
+ Develop adversary emulation plans aligned with MITRE ATT&CK and emerging threat intelligence.
+ Conduct controlled offensive operations within the range to validate detection and response capabilities to assess resilience and identify gaps.

+ **Delivery & Facilitation:**

+ Lead and deliver cyber resilience exercises for strategic customers, including hands-on incident response drives and tabletop exercises for executives and security teams.
+ Provide actionable recommendations, post-exercise debriefs, gap analysis, and actionable recommendations for resilience improvement and response maturity.

+ **Continuous Improvement:**
+ Maintain and update cyber ranges with latest technologies, vulnerabilities, and attack techniques.
+ Research and integrate innovative tools for automation, orchestration, and scenario generation.
+ **Other**
+ Embody our culture and values

**Qualifications**

**Required Qualifications:**

+ Master's Degree in Statistics, Mathematics, Computer Science or related field
+ OR 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
+ 3+ years development and delivery of cyber range exercises in a red team capacity
+ Ability to travel up to 75% travel to deliver onsite with customers

**Other Qualifications:**

+ Ability to meet Microsoft, customer and / or government security screening requirements are required for this role.

These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.

**Preferred Qualifications:**

+ Doctorate in Statistics, Mathematics, Computer Science or related field
+ OR 6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
+ 3+ years of professional experience in areas such as project management, operations, process enhancement, cybersecurity, or related sectors.
+ 2+ years of guiding stakeholders and achieving agreement among individuals at all levels of experience.
+ 4+ years of experience in Red Team operations, penetration testing, or adversary emulation.
+ Knowledge of enterprise networks, identity systems (Active Directory, Azure AD), and cloud platforms (Azure, AWS).
+ Understanding of threat frameworks (MITRE ATT&CK, NIST CSF, ISO 27001) and incident response processes.
+ Scripting and automation skills (PowerShell, Python).
+ Experience with cyber range platforms or custom-built environments.
+ Certifications: OSCP, CRTO, GIAC Red Team, or equivalent.
+ Ability to communicate technical concepts to executives and technical teams.
+ Effective interpersonal and communication abilities, conducive to productive collaboration within diverse team structures.
+ Proactive approach in initiating actions and advocating for improvements to establish more streamlined and effective development and delivery processes.
+ Familiarity with virtualization and containerization (Hyper-V, VMware, Kubernetes).
+ Cloud security experience in hybrid environments.
+ Certifications such as CISSP, CISM, or GIAC (GCIH, GCFA)

Security Research IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year.

There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation.

Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until November 1, 2025.

#Cybersecurity #MicrosoftIR #RedTeam #IncidentResponse #Cyberrange

Microsoft is an equal opportunity employer.

Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances.

If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .

Required Skill Profession

Other General