Microsoft Digital Crimes Unit Technical Investigator 

Taiwan, Taoyuan City 

379999657

Microsoft’s Digital Crimes Unit (DCU) has an immediate opening for a highly qualified cybercrime investigator to immediately handle global investigations and drive high-impact disruption operations targeting sophisticated cybercriminal networks and online threat groups in the role of

Microsoft’s DCU is a global team of attorneys, investigators, and analysts committed to leading the fight against cybercrime to protect our customers and promote global trust in Microsoft.   Through strategic partnerships with Microsoft’s unparalleled Threat Intelligence community, fraud and abuse teams, and engineering support, DCU develops and employs innovative legal and technical strategies to detect, disrupt, and deter cybercriminals, nation-state actors, and cyber-enabled fraud actors. DCU sits in Customer Security & Trust (CST) within Microsoft’s Corporate, External, and Legal Affairs (CELA).

DCU takes affirmative action to defend against online threats and actors. Since its inception, DCU has filed lawsuits against approximately 30 malware families, nation state actors and the developers of prolific cybercrime tools (including cybercrime-as-a-service). (Link: https://www.youtube.com/watch?v=kHArmtKHAv8).

The Role

In this role, you will confront some of the most prolific cybercrimes, including ransomware and other malware, business email compromise (BEC) and account takeover attacks, tech support fraud, and the array of online scams, and some of the most sophisticated cyber actors, including financially motivated networks and state-sponsored groups. You will have the opportunity to work side-by-side and collaborate with world-class threat intelligence and security professionals, security engineers, and fraud and abuse analysts and investigators on investigations of complex cybercrime activity and to develop and compile evidence to build affirmative cases against sophisticated online criminal networks and nation-state actors.  You will serve as one of DCU’s investigativors on cybercrime detection, identifying and mapping malicious technical infrastructure, preventing unauthorized access and misuse of Microsoft services, and protecting customers. You will collaborate closely with various security teams across the company to help drive strategies to investigate and disrupt cybercrime to protect our service and customers. Most significantly, you will make the online ecosystem a safer place for users globally.

Required/minimum qualifications

• 4+ years experience in in computer investigations, data-analytics or related field
  • OR equivalent experience.
• Proficient in SQL and KQL
• Experience with computer forensics and incident response
• Experience with Python development or other programming languages

Additional or preferred qualifications

• Background in developing threat intelligence solutions
• Experience in crypto and blockchain investigations
• Comprehensive understanding of computer networking, including network protocols such as TCP/IP, DNS, DHCP, FTP, HTTP/HTTPS, SNMP, and ICMP
• Ability to collaborate with engineers to scope and develop large-scale data projects

Other Requirements:

• Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations.  As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until July 30, 2025.

• and analyze data sources to uncover cybercrime patterns and trends targeting our services and customers

• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities

• Collaborate with security engineers and cross-company stakeholders to implement comprehensive investigative and enforcement strategies

• Conduct analysis on large, complex data sets to detect and investigate anomalies, develop actionable insights and strategies

• and map malicious technical infrastructure used tofacilitatecybercrime

• Work independently to detect, investigate, and understand new and emerging cybercrime attack vectors

• Partner with DCU attorneys to develop legal strategies to disrupt andimpactonline criminal networks

• Drafting criminal referrals for law enforcement

• Provide witness testimony in courtfilings and