Overview

‍

As an Insider Risk Analyst – Cyber, you will play a critical role in identifying, validating, and responding to potential insider threats within Microsoft’s digital environment. You’ll analyze complex datasets, assess security alerts, and support investigations that involve data loss, misuse of privileged access, or anomalous user behavior. Working closely with engineers, analysts, and product teams, you will contribute to improving detection quality, refining playbooks, and advancing Microsoft’s insider risk detection capabilities. This role is ideal for someone who is detail-oriented, technically curious, and disciplined in execution. You’ll gain hands-on experience across detection development, incident response, and operational analysis—building the foundation for a career at the intersection of cybersecurity, data protection, and insider threat defense.

‍

‍

‍Responsibilities‍

Detection & Response

• Respond to detections and escalations related to Insider Threat.
• Provide investigation support, including containment and remediation during insider threat incidents.  

Investigation & Analysis

• Identify, collect, and analyze essential data from a variety of sources to validate suspicious behaviors.
• Ensure metrics are complete and accurate, and findings are documented in the case management system.

Collaboration & Coordination

• Coordinate investigation and mitigation steps with other internal teams across Microsoft globally.
• Work closely with engineering and first-party product teams to author new detections or tune existing ones to improve alert quality

Process & Continuous Improvement  

• Develop and maintain playbooks to improve processes, consistency, and information sharing across teams.

‍

‍

‍Qualifications‍

Required Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science, Cybersecurity or related field
  • OR equivalent experience.

‍

‍

Other Qualifications:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.  
Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.  

‍

‍

Preferred Qualifications:

• Bachelor's Degree in Cyber Security or 2+ years of hands-on experience in security operations, threat detection and analysis, and/or incident response
• 1+ year(s) experience working with Sentinel, Defender or other equivalent tools
• 1+ year(s) experience using Azure cloud environments, with an understanding of data flows, access management
• 1+ year(s) experience working in a structured, process-driven environment with attention to detail and consistency.
• 1+ year(s) experience using programming languages (Python, Powershell) and query languages (SQL, KQL)

‍