The Fraud Operations Investigation Analyst is a core member of Microsoft’s Fraud & Vetting Operations (FVO), responsible for conducting deep-dive investigations into complex fraud and abuse cases across Microsoft’s cloud and service ecosystem. This role is critical to protecting customer trust, reducing financial harm, and ensuring operational rigor in a high-stakes, rapidly evolving threat landscape. The analyst operates within a fraud-first, financially driven, and threat-actor informed model, collaborating closely with engineering, legal, compliance, and partner teams to deliver audit-defensible outcomes and continuous improvement.
Job Responsibility
Conduct deep-dive investigations on accounts, tenants, and partners to determine fraud-from-birth, abuse, or legitimate compromise
Correlate signals across systems and time, leveraging multiple evidence sources to reconstruct incident timelines and root causes
Document findings, evidence, and investigative actions in a clear, audit-ready manner
Execute blocks, suspensions, recoveries, and clean-up actions
Coordinate remediation workflows with partners, customers, and legal as needed
Ensure remediation accuracy and minimize customer/partner impact
24x7 monitoring of fraud signals and alerts, validating detections and assessing severity
Prioritize and route cases to appropriate investigative paths, including escalation for high-severity incidents
Perform security reviews and onboarding vetting for partners and identities
Execute re-verification and post-incident vetting actions to enforce trust standards
Write and maintain detailed SOPs and troubleshooting guides for investigative processes
Contribute to centralized documentation and iterative updates for onboarding and operational excellence
Provide structured feedback on detection efficacy, tooling gaps, and process improvements
Participate in post-incident reviews and feed learnings back into detection and operational playbooks
Requirements
Doctorate in Statistics, Mathematics, Computer Science, or related field
OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR equivalent experience
Participate in a scheduled on-call rotation, including weekends and public holidays, as required for high-priority investigations
Nice to have
CompTIA Security+
BlueTeam Level 1
SANS GSEC
GCIH
Experience in Digital Forensics and Incident Response (DFIR)
Prior experience in fraud investigations, threat analysis, or security operations