More jobs:
Government Cloud Investigations Analyst - CTJ - TS Security Clearance
Job in
Redmond, King County, Washington, 98052, USA
Listed on 2026-07-06
Listing for:
Microsoft Corporation
Full Time
position Listed on 2026-07-06
Job specializations:
-
IT/Tech
Cybersecurity, Security Management & Operations
Job Description & How to Apply Below
Overview Within Fraud & Vetting Operations is Microsoft's global Fraud Operations function responsible for detecting, investigating, and disrupting fraud at scale-combining incident response, threat hunting, and governance to reduce financial harm and protect Microsoft's ecosystem. We are looking to hire a Government Cloud Investigations Analyst to join our Fraud & Vetting Operations (FVO) team, where you will be responsible for conducting high-impact investigations into fraud, abuse, and security incidents within U.S. Government cloud environments (e.g., Azure Government, GCC, GCC High, DoD).
This role operates in a high-trust, regulated environment, requiring strict adherence to federal compliance frameworks (e.g., CJIS, FedRAMP, DoD SRG) while delivering audit-defensible, evidence-based investigative outcomes that protect government customers, national interests, and Microsoft services. As a Government Cloud Investigations Analyst, you will operate within a fraud-first, threat-actor-informed model, partnering with engineering, legal, compliance, and government stakeholders to detect, investigate, and remediate sophisticated threats.
At Microsoft, our mission to empower every person and every organization on the planet to achieve more guides how we partner with customers to deliver trusted, impactful solutions. With a growth-mindset culture, we innovate responsibly and measure success by shared progress, people, teams, and customers. Join us to do meaningful work that changes the world and helps shape what's next for everyone.
Responsibilities
1. Investigations & Analysis
* Conduct deep-dive investigations into:
* Fraud-from-birth tenants, account compromise, abuse of government cloud resources
* Insider risk, misuse of privileged access, and policy violations within regulated environments
* Correlate signals across identity, billing, telemetry, and cross-tenant activity to reconstruct attack timelines and determine root cause
* Differentiate fraud vs. compromise vs. legitimate activity using structured decision frameworks and evidence correlation
2. Incident Response & Escalation
* Own or support Sev-1 / Sev-2 incidents within Government cloud environments
* Execute containment actions:
* Account disablement, service restrictions, tenant isolation, enforcement actions
* Coordinate with:
* Legal, Privacy, Engineering, and Federal engagement teams
* Provide executive-ready risk assessments and case summaries for high-visibility incidents
3. Case Ownership & Operational Excellence
* Manage investigations end-to-end:
* Intake → Investigation → Containment → Documentation → Closure
* Ensure SLA adherence (time-to-contain, response timelines, throughput)
* Maintain high-quality, audit-ready documentation aligned to policy and compliance standards
* Serve as final decision authority for investigative disposition in assigned cases
4. Threat Hunting & Proactive Detection
* Identify emerging fraud patterns and adversary modus operandi (MO)
* Partner with threat hunting teams to:
* Surface unknown threats
* Validate detection gaps
* Feed improvements into detection systems
* Contribute to proactive investigation strategies across Gov Cloud workloads
5. Process, Policy & Continuous Improvement
* Develop and refine Standard Operating Procedures (SOPs)
* Improve:
* Investigation quality standards
* Decision frameworks
* Automation opportunities
* Ensure consistent application of:
* Enforcement policies
* Audit defensibility standards
* Cross-team operational discipline
6. Cross-Functional Collaboration
* Work across:
* Engineering (detections, telemetry, automation)
* Legal & Compliance (regulatory alignment, enforcement authority)
* Government stakeholders (data governance, access, escalation)
* Act as a subject matter expert (SME) for fraud investigations within Government cloud environments
7. Other
* Embody our culture and values Qualifications Required/Minimum Qualifications
* Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC)…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×