Fraud Operations Investigation Analyst

Overview The Fraud Operations Investigation Analyst is a core member of Microsoft’s Fraud & Vetting Operations (FVO), responsible for conducting deep-dive investigations into complex fraud and abuse cases across Microsoft’s cloud and service ecosystem.

This role is critical to protecting customer trust, reducing financial harm, and ensuring operational rigor in a high-stakes, rapidly evolving threat landscape. The analyst operates within a fraud-first, financially driven, and threat-actor informed model, collaborating closely with engineering, legal, compliance, and partner teams to deliver audit-defensible outcomes and continuous improvement.

Responsibilities Fraud Investigation: Conduct deep-dive investigations on accounts, tenants, and partners to determine fraud-from-birth, abuse, or legitimate compromise. Correlate signals across systems and time, leveraging multiple evidence sources to reconstruct incident timelines and root causes.

Document findings, evidence, and investigative actions in a clear, audit-ready manner. Remediation & Containment: Execute blocks, suspensions, recoveries, and clean-up actions. Coordinate remediation workflows with partners, customers, and legal as needed.

Ensure remediation accuracy and minimize customer/partner impact. Monitoring & Triage: 24x7 monitoring of fraud signals and alerts, validating detections and assessing severity. Prioritize and route cases to appropriate investigative paths, including escalation for high-severity incidents.

Vetting & Trust Enforcement: Perform security reviews and onboarding vetting for partners and identities. Execute re-verification and post-incident vetting actions to enforce trust standards. Playbook & SOP Documentation: Write and maintain detailed SOPs and troubleshooting guides for investigative processes.

Contribute to centralized documentation and iterative updates for onboarding and operational excellence. Continuous Improvement: Provide structured feedback on detection efficacy, tooling gaps, and process improvements. Participate in post-incident reviews and feed learnings back into detection and operational playbooks.

Success Measures Quality and consistency of investigative outcomes (accuracy, auditability, customer impact). Timeliness and effectiveness of remediation and containment actions. Contribution to SOP/playbook improvements and operational maturity.

Collaboration and communication effectiveness with cross-functional teams. Core Competencies Analytical and problem-solving skills; able to synthesize complex data and signals into actionable insights. Deep understanding of fraud, abuse, and threat actor tactics, techniques, and procedures (TTPs).

High attention to detail, documentation rigor, and audit-defensible decision making. Effective communicator—able to document and present findings clearly to technical and non-technical audiences. Collaborative mindset; works effectively across engineering, legal, compliance, and partner teams.

Adaptable and resilient in a fast-paced, ambiguous environment with shifting priorities. Qualifications Required Qualifications Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.

Additional Requirement Participate in a scheduled on-call rotation, including weekends and public holidays, as required for high-priority investigations. Preferred Qualifications Certifications: CompTIA Security+, BlueTeam Level 1, SANS GSEC, GCIH, or similar.

Experience in Digital Forensics and Incident Response (DFIR) is highly advantageous. Prior experience in fraud investigations, threat analysis, or security operations. Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800.00 - $234,700.00 per year.

There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200.00 - $261,000.00 per year. Certain roles may be eligible for benefits and other compensation.

Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances.

If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.