Senior Security Investigator - Insider Risk
Microsoft
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
The Microsoft Insider Risk Program protects our people, data, and intellectual property from internal threats that could compromise the security and integrity of the company. Built on a foundation of collaboration, innovation, and analytical rigor, the program leverages advanced detections, behavioral analytics, and cross-disciplinary expertise to identify and mitigate insider risks across Microsoft’s global environments.
As a Senior Security Investigator – Insider Risk , you will lead complex insider threat investigations spanning on-premises, cloud, and endpoint systems. You will apply advanced analytical, forensic, and detection engineering techniques to identify, assess, and contain insider-driven threats. Partnering with Legal (CELA), HR, and security engineering teams, you will coordinate response actions, manage case communication, and ensure evidence integrity and governance compliance throughout the investigative lifecycle.
You will also contribute to the evolution of Microsoft’s insider threat detection and response capabilities by developing standard operating procedures, refining detection logic, and establishing metrics that measure investigative performance and program maturity. This role requires a balance of technical acumen, investigative precision, and sound judgment under pressure.
The ideal candidate is a analytical security professional with experience in threat detection, incident response, and behavioral analysis—someone who can synthesize data from diverse sources into cohesive narratives and drive meaningful risk reduction across the enterprise.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
Threat Detection & Analysis: Continuously assess security alerts generated by insider threat detection systems across on-prem, cloud, and endpoint environments. Analyze system logs, network traffic, authentication records, and application data to identify and assess potential security threats.
Detection Engineering: Design and implement detection rules, scripts, and algorithms to identify anomalous user behaviors indicative of insider threats. Apply advanced correlation techniques to link suspicious activities across multiple data sources and build comprehensive narratives around insider threat scenarios.
Incident Leadership & Response: Serve as technical lead during insider threat incidents, coordinating containment and remediation efforts with Legal (CELA), HR, and other security teams. Ensure timely and effective resolution of complex case.
Process Development & Standardization: Develop and maintain standard operating procedures (SOPs) and playbooks that streamline alert triage, investigation, and escalation processes. Continuously refine workflows to improve efficiency and consistency.
Metrics and Reporting: Develop and maintain standard operating procedures (SOPs) and playbooks that streamline alert triage, investigation, and escalation processes.
Qualifications
Minimum Qualifications:
- Bachelor's Degreee and 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
- OR equivalent experience.
- Proficiency in programing and query languages (e.g., Python, Powershell,SQL, KQL)
- Proficiency in Azure cloud environments, with a strong understanding of data flows, access management
- Experience in threat detection, incident response, and root-cause analysis in cloud environments.
Other Requirements:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customer and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government Clearance
Additional/Preferred Qualifications:
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
#MSFTSecurity #microsoftredteam
#MSCareerEvents25
#MSFTNBMBAA2025
#SCS #AzureSecurity
Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.