Microsoft

Fraud Operations Investigation Analyst

Microsoft  •  $120k - $261k/yr  •  Redmond, WA (Onsite)  •  2 hours ago
Apply
Save Job
Mark Applied Mark Interviewed Mark Offered
Hide Job Report Job
AI can make mistakes so check important info. Chat history is never stored.

Job Description

The Fraud Operations Investigation Analyst is a core member of Microsoft’s Fraud & Vetting Operations (FVO), responsible for conducting deep-dive investigations into complex fraud and abuse cases across Microsoft’s cloud and service ecosystem. This role is critical to protecting customer trust, reducing financial harm, and ensuring operational rigor in a high-stakes, rapidly evolving threat landscape. The analyst operates within a fraud-first, financially driven, and threat-actor informed model, collaborating closely with engineering, legal, compliance, and partner teams to deliver audit-defensible outcomes and continuous improvement.



Responsibilities

  • Fraud Investigation:
    • Conduct deep-dive investigations on accounts, tenants, and partners to determine fraud-from-birth, abuse, or legitimate compromise.
    • Correlate signals across systems and time, leveraging multiple evidence sources to reconstruct incident timelines and root causes.
    • Document findings, evidence, and investigative actions in a clear, audit-ready manner.
  • Remediation & Containment:
    • Execute blocks, suspensions, recoveries, and clean-up actions.
    • Coordinate remediation workflows with partners, customers, and legal as needed.
    • Ensure remediation accuracy and minimize customer/partner impact.
  • Monitoring & Triage:
    • 24x7 monitoring of fraud signals and alerts, validating detections and assessing severity.
    • Prioritize and route cases to appropriate investigative paths, including escalation for high-severity incidents.
  • Vetting & Trust Enforcement:
    • Perform security reviews and onboarding vetting for partners and identities.
    • Execute re-verification and post-incident vetting actions to enforce trust standards.
  • Playbook & SOP Documentation:
    • Write and maintain detailed SOPs and troubleshooting guides for investigative processes.
    • Contribute to centralized documentation and iterative updates for onboarding and operational excellence.
  • Continuous Improvement:
    • Provide structured feedback on detection efficacy, tooling gaps, and process improvements.
    • Participate in post-incident reviews and feed learnings back into detection and operational playbooks.

Success Measures

  • Quality and consistency of investigative outcomes (accuracy, auditability, customer impact).
  • Timeliness and effectiveness of remediation and containment actions.
  • Contribution to SOP/playbook improvements and operational maturity.
  • Collaboration and communication effectiveness with cross-functional teams.

Core Competencies

  • Analytical and problem-solving skills; able to synthesize complex data and signals into actionable insights.
  • Deep understanding of fraud, abuse, and threat actor tactics, techniques, and procedures (TTPs).
  • High attention to detail, documentation rigor, and audit-defensible decision making.
  • Effective communicator—able to document and present findings clearly to technical and non-technical audiences.
  • Collaborative mindset; works effectively across engineering, legal, compliance, and partner teams.
  • Adaptable and resilient in a fast-paced, ambiguous environment with shifting priorities.



Qualifications

Required Qualifications

  • Doctorate in Statistics, Mathematics, Computer Science, or related field
    • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR equivalent experience.

Additional Requirement

  • Participate in a scheduled on-call rotation, including weekends and public holidays, as required for high-priority investigations.

Preferred Qualifications

  • Certifications: CompTIA Security+, BlueTeam Level 1, SANS GSEC, GCIH, or similar.
  • Experience in Digital Forensics and Incident Response (DFIR) is highly advantageous.
  • Prior experience in fraud investigations, threat analysis, or security operations.

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200 - $261,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Microsoft

About Microsoft

Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn’t just encourage curiosity; it embraces it. Each day we make progress together by showing up as our authentic selves. We show up with a learn-it-all mentality. We show up cheering on others, knowing their success doesn't diminish our own. We show up every day open to learning our own biases, changing our behavior, and inviting in differences. Because impact matters.

Microsoft operates in 190 countries and is made up of approximately 228,000 passionate employees worldwide.

Industry
IT & Software
Company Size
10,000+ employees
Headquarters
Redmond, Washington
Year Founded
Unknown
Website
microsoft.com
Social Media