Microsoft runs on trust, and our trusted cloud was built on the foundational principles of security, privacy, compliance, and transparency. We’re looking for people to help us keep that promise every day. Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with? Want to help us protect Microsoft customers and their data from adversaries? We are looking for a Principal Abuse & Fraud Specialist, to help protect our customers and services from those who try to abuse and misuse our services. In this role, you will leverage a mix of technical depth, engineering background, on-line services experience, and collaboration skills to help respond to threats and protect our cloud services from those who try to abuse them.

　　As a Principal Abuse & Fraud Specialist, for the Microsoft Security Response Center team (MSRC), you will work closely with other cloud and security experts across Microsoft to investigate abuse of our platform and services, proactively hunt for abuse, automate our capabilities, develop security tooling and data automation, and contribute your many experiences to protecting Microsoft and our customers. You will work to understand how adversaries misuse and abuse our platform and disrupt their activities. We work in a DevOps model within the security business, so we look for someone who has a passion for automating their way out of having to do the same thing twice and is always thinking about how to scale what we do to millions and millions of users, hosts, and operations. Working as a part of the Microsoft Security Response Center (MSRC), you will work to solve issues related to the latest security trends and early warning indicators, as well as help design solutions for emerging threats. MSRC is a fast-paced team that constantly provides new opportunities to learn and grow.

　　This is a unique opportunity within Microsoft to work in a team, taking on complex challenges in the business. Come bring your technical acumen, collaboration, and automation skills to protect customers.

　　Responsibilities

　　Plan and execute adversary hunt for abuse and misuse of our services using myriad log sources, network- and host-based tools, and threat intelligence to identify the threat actors and their tools and techniques.

　　Participate in- and contribute to- cyber threat intelligence sharing forums and platforms; organize and curate threat intelligence; form macroscopic perspective on adversaries, actors, and campaigns.

　　Perform investigation on suspected compromised assets and services and analyze log data and other artifacts to determine what occurred.

　　Partner with other teams across Microsoft to ideate, implement, and evolve systems and features to combat abuse.

　　Contribute to security policy and standards.

　　Drive fundamental improvement to the customer/partner experience in abuse scenarios.

　　Design, develop, debug, and deliver tooling to assist the investigative and hunting process.

　　Qualifications

　　Required/Minimum Qualifications

　　7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response

　　OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

　　2+ years of experience with anti-abuse, anti-fraud, anti-cybercrime with an understanding of common abuse and fraud types and patterns, such as: account takeover, phishing, ransomware, password attacks (brute force, spraying, cred stuffing), etc.

　　Other Requirements

　　Microsoft Cloud Background Check: The successful candidate must pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

　　Additional or Preferred Qualifications

　　10+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, anti-fraud

　　OR Master's Degree or Doctorate in Statistics, Mathematics, Computer Science or related field.

　　Skilled in extremely large data sets, to answer complex and ambiguous questions, using tools and languages like: SQL, KQL/Azure Data Explorer, Jupyter Notebook, Spark, R, U-SQL, Azure Synapse, Azure Machine Learning, Azure Data Lake, Python, or PowerBI.

　　Able to communicate to and influence- technical and non-technical audiences; ability to take highly ambiguous situations, achieve clarity, and align outcomes among many participants.

　　Security Operations Engineering IC5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $173,200 - $282,200 per year.

　　Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

　　#MSFTSecurity

　　#SCIMJobs

　　#SecurityJobs

　　#Abuse

　　#Fraud

　　Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .