Digital Crimes Unit Technical Investigator

Share job

Date posted

Jul 09, 2025

Job number

1840980

Work site

Microsoft on-site only

Travel

0-25 %

Role type

Individual Contributor

Profession

Governance, Risk, & Compliance

Discipline

Investigations

Employment type

Full-Time

Microsoft’s Digital Crimes Unit (DCU) has an immediate opening for a highly qualified cybercrime investigator to immediately handle global investigations and drive high-impact disruption operations targeting sophisticated cybercriminal networks and online threat groups in the role of Digital Crimes Unit Technical Investigator. DCU embodies Microsoft’s commitment to security and continues to innovate and evolve to combat the increasingly sophisticated actors operating in cyberspace. This role will focus on proactive, technical investigations of cyberattacks and threats directed at Microsoft, its customers, and democratic institutions, including those abusing Artificial Intelligence (AI) technology for malicious motives.

Microsoft’s Digital Crimes Unit

Microsoft’s DCU is a global team of attorneys, investigators, and analysts committed to leading the fight against cybercrime to protect our customers and promote global trust in Microsoft. Through strategic partnerships with Microsoft’s unparalleled Threat Intelligence community, fraud and abuse teams, and engineering support, DCU develops and employs innovative legal and technical strategies to detect, disrupt, and deter cybercriminals, nation-state actors, and cyber-enabled fraud actors. DCU sits in Customer Security & Trust (CST) within Microsoft’s Corporate, External, and Legal Affairs (CELA).

DCU takes affirmative action to defend against online threats and actors. Since its inception, DCU has filed lawsuits against approximately 30 malware families, nation state actors and the developers of prolific cybercrime tools (including cybercrime-as-a-service). (Link: https://www.youtube.com/watch?v=kHArmtKHAv8).

The Role

DCU is searching for a technically skilled investigator to join our agile and dedicated team. Candidates should have a demonstrated interest in expanding their skills into new areas and cutting-edge technology, including AI, and commitment to the unique mission of DCU. AI has the potential to change the world, and Microsoft is committed to advancing ethical principles about its use and to identifying and combatting its misuse. Moreover, technology quickly changes, as do the threats and malicious activity. The candidate should be able to thrive in ambiguity, identify critical stakeholders, and deliver results under time constraints.

In this role, you will confront some of the most prolific cybercrimes, including ransomware and other malware, business email compromise (BEC) and account takeover attacks, tech support fraud, and the array of online scams, and some of the most sophisticated cyber actors, including financially motivated networks and state-sponsored groups. You will have the opportunity to work side-by-side and collaborate with world-class threat intelligence and security professionals, security engineers, and fraud and abuse analysts and investigators on investigations of complex cybercrime activity and to develop and compile evidence to build affirmative cases against sophisticated online criminal networks and nation-state actors. You will serve as one of DCU’s investigativors on cybercrime detection, identifying and mapping malicious technical infrastructure, preventing unauthorized access and misuse of Microsoft services, and protecting customers. You will collaborate closely with various security teams across the company to help drive strategies to investigate and disrupt cybercrime to protect our service and customers. Most significantly, you will make the online ecosystem a safer place for users globally.

Required/minimum qualifications

• 4+ years experience in in computer investigations, data-analytics or related field
  • OR equivalent experience.
• Proficient in SQL and KQL
• Experience with computer forensics and incident response
• Experience with Python development or other programming languages

Additional or preferred qualifications

• Background in developing threat intelligence solutions
• Experience in crypto and blockchain investigations
• Comprehensive understanding of computer networking, including network protocols such as TCP/IP, DNS, DHCP, FTP, HTTP/HTTPS, SNMP, and ICMP
• Ability to collaborate with engineers to scope and develop large-scale data projects

Other Requirements:

• Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local [or INSERT applicable country] government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Investigations IC4 - The typical base pay range for this role across the U.S. is USD $96,500 - $188,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $123,500 - $206,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until July 30, 2025.

#CELA

• Identify and analyze data sources to uncover cybercrime patterns and trends targeting our services and customers

• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities

• Collaborate with security engineers and cross-company stakeholders to implement comprehensive investigative and enforcement strategies

• Conduct analysis on large, complex data sets to detect and investigate anomalies, develop actionable insights and strategies

• Identify and map malicious technical infrastructure used to facilitate cybercrime

• Work independently to detect, investigate, and understand new and emerging cybercrime attack vectors

• Partner with DCU attorneys to develop legal strategies to disrupt and impact online criminal networks

• Drafting criminal referrals for law enforcement

• Provide witness testimony in court filings and proceedings