Fraud Operations Investigation Analyst

About The Position

Requirements

• Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience.
• Participate in a scheduled on-call rotation, including weekends and public holidays, as required for high-priority investigations.
• Analytical and problem-solving skills; able to synthesize complex data and signals into actionable insights.
• Deep understanding of fraud, abuse, and threat actor tactics, techniques, and procedures (TTPs).
• High attention to detail, documentation rigor, and audit-defensible decision making.
• Effective communicator—able to document and present findings clearly to technical and non-technical audiences.
• Collaborative mindset; works effectively across engineering, legal, compliance, and partner teams.
• Adaptable and resilient in a fast-paced, ambiguous environment with shifting priorities.

Nice To Haves

• Certifications: CompTIA Security+, BlueTeam Level 1, SANS GSEC, GCIH, or similar.
• Experience in Digital Forensics and Incident Response (DFIR) is highly advantageous.
• Prior experience in fraud investigations, threat analysis, or security operations.

Responsibilities

• Conduct deep-dive investigations on accounts, tenants, and partners to determine fraud-from-birth, abuse, or legitimate compromise.
• Correlate signals across systems and time, leveraging multiple evidence sources to reconstruct incident timelines and root causes.
• Document findings, evidence, and investigative actions in a clear, audit-ready manner.
• Execute blocks, suspensions, recoveries, and clean-up actions.
• Coordinate remediation workflows with partners, customers, and legal as needed.
• Ensure remediation accuracy and minimize customer/partner impact.
• 24x7 monitoring of fraud signals and alerts, validating detections and assessing severity.
• Prioritize and route cases to appropriate investigative paths, including escalation for high-severity incidents.
• Perform security reviews and onboarding vetting for partners and identities.
• Execute re-verification and post-incident vetting actions to enforce trust standards.
• Write and maintain detailed SOPs and troubleshooting guides for investigative processes.
• Contribute to centralized documentation and iterative updates for onboarding and operational excellence.
• Provide structured feedback on detection efficacy, tooling gaps, and process improvements.
• Participate in post-incident reviews and feed learnings back into detection and operational playbooks.

Benefits

• Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay