Senior Security Investigator - Insider Risk

Microsoft

About The Position

Overview The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. The Microsoft Insider Risk Program protects our people, data, and intellectual property from internal threats that could compromise the security and integrity of the company. Built on a foundation of collaboration, innovation, and analytical rigor, the program leverages advanced detections, behavioral analytics, and cross-disciplinary expertise to identify and mitigate insider risks across Microsoft’s global environments. As a Senior Security Investigator – Insider Risk , you will lead complex insider threat investigations spanning on-premises, cloud, and endpoint systems. You will apply advanced analytical, forensic, and detection engineering techniques to identify, assess, and contain insider-driven threats. Partnering with Legal (CELA), HR, and security engineering teams, you will coordinate response actions, manage case communication, and ensure evidence integrity and governance compliance throughout the investigative lifecycle. You will also contribute to the evolution of Microsoft’s insider threat detection and response capabilities by developing standard operating procedures, refining detection logic, and establishing metrics that measure investigative performance and program maturity. This role requires a balance of technical acumen, investigative precision, and sound judgment under pressure. The ideal candidate is a analytical security professional with experience in threat detection, incident response, and behavioral analysis—someone who can synthesize data from diverse sources into cohesive narratives and drive meaningful risk reduction across the enterprise. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Requirements

Bachelor's Degreee and 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
OR equivalent experience.
Proficiency in programing and query languages (e.g., Python, Powershell,SQL, KQL)
Proficiency in Azure cloud environments, with a strong understanding of data flows, access management
Experience in threat detection, incident response, and root-cause analysis in cloud environments.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customer and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government Clearance

Nice To Haves

Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience.
CISSP CISA CISM SANS OSCP Security+

Responsibilities

Threat Detection & Analysis: Continuously assess security alerts generated by insider threat detection systems across on-prem, cloud, and endpoint environments. Analyze system logs, network traffic, authentication records, and application data to identify and assess potential security threats.
Detection Engineering: Design and implement detection rules, scripts, and algorithms to identify anomalous user behaviors indicative of insider threats. Apply advanced correlation techniques to link suspicious activities across multiple data sources and build comprehensive narratives around insider threat scenarios.
Incident Leadership & Response: Serve as technical lead during insider threat incidents, coordinating containment and remediation efforts with Legal (CELA), HR, and other security teams. Ensure timely and effective resolution of complex case.
Process Development & Standardization: Develop and maintain standard operating procedures (SOPs) and playbooks that streamline alert triage, investigation, and escalation processes. Continuously refine workflows to improve efficiency and consistency.
Metrics and Reporting: Develop and maintain standard operating procedures (SOPs) and playbooks that streamline alert triage, investigation, and escalation processes.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume