Job Description
The Cyber Defense Investigations – Escalations (CDI-ESC) team is Microsoft's deep-dive investigative arm within Cyber Defense Operations (CDO). We lead the most complex, high-severity, and nation-state security incidents across Microsoft's first-party cloud estate, conducting root cause analysis, blast radius assessment, threat actor attribution, and intelligence-driven hunting. Our work directly disrupts adversaries targeting Microsoft and our customers, and feeds platform-level fixes, detections, and intelligence back into the ecosystem. Join Microsoft's CDI Escalations team and work at the forefront of cyber defense, investigating the most complex nation-state, supply chain, cloud, and identity-based attacks targeting Microsoft. Our team goes beyond traditional incident response, we combine deep investigations, threat hunting, intelligence operationalization, and cross-organizational collaboration to identify adversaries, drive platform-wide security improvements, and build defenses that prevent future attacks. You'll partner with leaders across MSTIC, GHOST, Detection Engineering, and service teams, leverage AI-powered investigation techniques, and directly influence Microsoft's security posture while solving some of the industry's hardest security challenges. We are looking for a Senior Security Analyst to join the team! Starting February, 2026, Microsoft employees are expected to work from a designated Microsoft office at least three days a week if they live within 50 miles (U.S.) or 25 miles (non-U.S., country-specific) of that location. This expectation is subject to local law and may vary by jurisdiction.