Microsoft
Gaming Principal, Cloud Threat Detection & Incident Response Engineer
Microsoft is committed to ensuring that we develop and deploy our AI technologies in ways that uphold our AI principles and warrant people’s trust. The Gaming Principal, Cloud Threat Detection & Incident Response Engineer will lead the strategic maturity of cloud-native security capabilities across Microsoft Gaming, defining and advancing the use of Azure’s security stack to detect, investigate, and respond to threats.
Tags: Agentic AI, Application Performance Management, Artificial Intelligence (AI), Business Development, DevOps, Information Services, Information Technology, Management Information Systems, Network Security, Software
Responsibilities
Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows
Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls
Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments
Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments
Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies
Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps
Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key material theft, resource manipulation, and multi-cloud attack paths
Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows
Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners
Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns
Champion CI/CD pipelines, version-controlled detection repositories, automated testing, and change management for cloud detections
Mentor senior engineers, scale cloud security knowledge across the organization, and raise the technical bar for the Gaming TDIR function
Partner with cross-functional teams to define and architect automation that improves the effectiveness and efficiency of security operations, resolving issues with new processes as needed
Lead the development and/or implementation of automated and artificial intelligence (AI) solutions that minimize and/or resolve incidents
Drive security automation and tooling initiatives, integrating security checks into CI/CD pipelines to improve consistency and scale
Oversee the use of automation and AI to prioritize and drive improvements to products, services, and solutions
Act as a key escalation point for security incidents, collaborating with incident responders to investigate, remediate, and improve system resilience
Develop and implement security policy and standards across teams and services; preemptively evaluate security policy and standards to identify critical gaps, and lead the development of strategies to drive improvements and implement new controls
Qualifications
Required
Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in the same areas
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in the same areas
OR equivalent experience
Preferred
10+ years of hands-on experience in cloud security engineering, threat detection, incident response, or security architecture
10+ years of experience in Cyber Security
4+ years of hands-on experience with AWS, GCP (Google Cloud Platform), or Azure security detection and threat-hunting strategies
Demonstrated ability to influence engineering groups and lead during high-severity cloud incidents
Understanding of KQL/Splunk SPL, Python, or other automation tooling languages, and cloud-focused investigation patterns
Understanding of modern adversary behavior in identity-centric and cloud-native environments
Experience with multi-cloud detection strategies
Background in cloud telemetry engineering, logging architecture, or distributed signal processing
Experience with large-scale or highly federated environments spanning multiple business units
Familiarity with game hosting services, analytics pipelines, or live-service architecture
Benefits
Certain roles may be eligible for benefits and other compensation.
Company
Microsoft
Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services.
H1B Sponsorship
Microsoft has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships (by year): 2025: 9192; 2024: 9343; 2023: 7677; 2022: 11403; 2021: 7210; 2020: 7852
Funding
Current Stage: Public Company
Total Funding: $1M
Key Investors: Technology Venture Investors
Funding history: 2022-12-09 Post-IPO Equity; 1986-03-13 IPO; 1981-09-01 Series Unknown, $1M
Company data provided by Crunchbase.