Senior Investigator

Overview

Job Overview

Microsoft’s Digital Crimes Unit (DCU) has an immediate opening for a highly qualified cybercrime investigator to immediately handle global investigations and drive high-impact disruption operations targeting sophisticated cybercriminal networks and online threat groups. DCU embodies Microsoft’s commitment to security and continues to innovate and evolve to combat the increasingly sophisticated actors operating in cyberspace. This role will focus on proactive, technical investigations of cyberattacks, fraud and scams, and other online threats directed at Microsoft’s customers and democratic institutions or abusing Microsoft’s products or services, including those leveraging Artificial Intelligence (AI) technology for malicious motives.

Microsoft’s Digital Crimes Unit

Microsoft’s DCU is a global team of attorneys, investigators, and analysts committed to leading the fight against cybercrime to protect our customers and promote global trust in Microsoft. Through strategic partnerships with Microsoft’s unparalleled threat intelligence community, fraud and abuse teams, and engineering support, DCU develops and employs innovative legal and technical strategies to detect, disrupt, and deter cybercrime, cyber-enabled fraud and scams, and other online threats. DCU sits in Customer Security & Trust (CST) within Microsoft’s Corporate, External, and Legal Affairs (CELA). DCU takes affirmative action to proactively defend against online threats and actors. Since its inception, DCU has filed lawsuits against over 35 malware families, state-sponsored actors, and the developers of cybercrime tools and services (including Cybercrime-as-a-Service platforms). (Link: https://www.youtube.com/watch?v=kHArmtKHAv8)

 

The Role

DCU is searching for a technically skilled investigator to join our agile and dedicated team. Ideal candidates should have a demonstrated interest in expanding their skills and expertise into new areas and cutting-edge technology, including AI, and commitment to the unique mission of DCU. AI has the potential to change the world, and Microsoft is committed to advancing ethical principles about its use and to identifying and combatting its misuse. Moreover, technology quickly changes, as do the threats and malicious activity. The candidate should be able to thrive in ambiguity, identify critical stakeholders, and deliver results under time constraints.

In this role, you will confront some of the most prolific cybercrimes, including ransomware and other malware, business email compromise (BEC) and account takeover attacks, tech support fraud, and the array of online scams, and some of the most sophisticated cyber actors, including financially motivated networks and state-sponsored groups. You will have the opportunity to work side-by-side and collaborate with world-class threat intelligence and security professionals, security engineers, and fraud and abuse analysts and investigators on investigations of complex cybercrime activity and to develop and compile evidence to build affirmative cases against criminal operations and cyber threat actors. You will serve as one of DCU’s investigative experts on cybercrime detection, identifying and mapping malicious technical infrastructure, preventing unauthorized access and misuse of Microsoft services, and protecting customers. Most significantly, you will make the online ecosystem a safer place for users globally.

Responsibilities

• Identify and analyze data sources to uncover cybercrime patterns and trends targeting our services and customers
• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
• Collaborate with security engineers and cross-company stakeholders to implement comprehensive investigative and enforcement strategies
• Lead and support complex fraud investigations involving cyber‑enabled financial crime, including online scams, business email compromise (BEC), payment fraud, account abuse, and related large‑scale fraud activity.
• Conduct analysis on large, complex data sets to detect and investigate anomalies, develop actionable insights and strategies
• Identify and map malicious technical infrastructure used to facilitate cybercrime
• Work independently to detect, investigate, and understand new and emerging cybercrime attack vectors
• Partner with DCU attorneys to develop legal strategies to disrupt and impact online criminal networks
• Drafting criminal referrals for law enforcement
• Provide expert witness testimony in court filings and proceedings

Qualifications

Required Qualifications

• Bachelor’s degree & demonstrable experience in cyber investigations, threat intelligence, or cyber defense operations.
• Willingness to provide expert witness testimony in court filings and proceedings that will be made public.
• Proficient with Microsoft SQL Server, KQL, Python, and/or other scripting languages.
• Proficient knowledge of malware analysis, malware reverse engineering, and behavioral malware analysis.
• Demonstrated ability to author clear, accurate, and highly technical investigative reports that translate complex technical findings into actionable insights for non-technical audiences, including legal, executive, and law enforcement stakeholders.

Other Requirements

• Ability to meet Microsoft, customer, and/or government security screening requirements for this role (including specialized security screenings).
• Microsoft Cloud Background Check: required upon hire/transfer and every two years thereafter.
• Collaborative, team-first mindset.
• Proficient written and verbal communication skills, including the ability to translate complex technical findings for a broad range of stakeholders (e.g., law enforcement, legal counsel, and executives).

Preferred Qualifications

• Industry certifications related to security and/or investigations (e.g., incident response, computer forensics).
• Experience with sophisticated threat actor evidence, including familiarity with common Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and Tools, Techniques, and Procedures (TTPs).
• Extensive experience in attribution, creating threat groups, assessing linkages between established threat groups, and communicating attribution assessments to internal stakeholders.
• Experience leading or supporting complex fraud investigations, including large-scale online fraud, scams, business email compromise (BEC), payment fraud, account abuse, or related cyber-enabled financial crime.
• Proficiency with attacks on endpoints, cloud, network, and identity-based systems, along with demonstrable investigative practices and communication skills.
• Published research (blogs, presentations, etc.) on new threat actor TTPs.
• Experience in cryptocurrency and blockchain investigation tools.
• Advanced knowledge of network protocols and DNS sinkholing.
• Advanced knowledge of intelligence analysis and reporting using standard tools and techniques.
• Advanced skills in analyzing large datasets and developing effective investigative action plans.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

---

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.