Job Type Full-time Full Job Description The Digital Crimes Unit is seeking an experienced and knowledgeable investigator to develop and manage highly technical investigations involving ransomware impacting Microsoft, its customers and the general public. This position will require extensive analysis of multiple sources of threat intelligence to drive operational priorities. A successful candidate will have extensive experience in malware reverse engineering, behavioral analysis, live and traditional forensics as well as a deep technical understanding of malware, including ransomware, infrastructure and network protocols. This individual will develop custom complex automated ransomware analysis tools that are modular and reusable. The ideal candidate must possess a strong commitment to excellence and the ability to work both independently as well as an integral part of a high performing team. Candidates must also possess a strong background in development work and driving projects to meet tight timelines. For information on the types of investigations/cases DCU investigators work on, please go to: Digital Crimes Unit: Leading the fight against cybercrime - On the Issues (microsoft.com) Responsibilities Responsibilities Use data mining and other investigative techniques to deliver actionable intelligence and locate threat actors and infrastructure; gather evidence to build cases against them; and devise and execute effective disruption strategies. Employ investigative techniques and automated methods to proactively identify criminal infrastructure and threat actors. Use advanced open-source intelligence tools and techniques to find information about ransomware infrastructure, the crypto payment system that supports ransomware, and threat actors. Prepare investigative and analytical reports and communicate the results in a clear manner. Coordinate/assist DCU investigations with remote and/or on-site support during enforcement actions Communicate and clarify insights to groups with varied level of technical knowledge. Collaborate closely with investigators, attorneys, analysts, and external partners including Law Enforcement, including participation in meetings and presentations. Provide public court declarations or affidavits in support of malware operations. Qualifications Skills and Qualifications: Working knowledge in malware analysis, malware reverse engineering, and behavioral malware analysis Expert knowledge in network protocol analysis tools and techniques. Expert knowledge of network forensics to reverse engineer network protocol. Qualification in computer forensics with an industry wide recognized open-source intelligence training, or such similar fields of study Previous investigative role combining and analyzing large, complex data sets to detect anomalies, developing actionable insights, and generating tactical intelligence. Detail oriented and good investigative mind with an ability to follow complex logic and establish links from various data points. Ability to query, analyze and draw intelligent conclusions from large data sets. Demonstrated experience in blockchain analysis and knowledge of the cryptocurrency ecosystem Proficient in SQL, Excel, and Business Intelligence Tools Strong knowledge of internet technologies and cybercrime threats Demonstrated experience in memory forensics, live system forensics and traditional system forensics. Demonstrated experience in defensive and offensive operations against threats to corporate and/or consumer information systems and services. Demonstrated experience operating in secure malware laboratory environments. Expert knowledge of memory forensics to identify and understand memory resident malware. Experience Required: 4+ years in technical investigations for government and/or private sector organizations 4+ years intelligence analysis and/or business intelligence Required Tools Proficiency: Analytical Tools: Microsoft Excel, Microsoft Access, Kusto, Microsoft SQL, Paterva Maltego Preferred Qualifications: Experience in the Anti-Virus industry creating, modifying, and deploying threat signatures. Experience working joint cases with Law Enforcement. Experience with Cloud technology platforms such as Azure Ability to develop tools to understand and stay current on the ransomware threat landscape. Industry certifications related to security and programming #CELA Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.