Senior Corporate Counsel, Digital Crimes Unit, Customer Security & Trust

at  Microsoft

Microsoft’s Digital Crimes Unit (DCU) has an immediate opening an attorney to handle global investigations and drive high-impact disruption operations targeting sophisticated cybercriminal networks and other online threats, including ransomware groups, nation-state actors and affiliates, and those abusing Artificial Intelligence (AI) technology for malicious purposes. This Senior Corporate Counsel, Digital Crimes Unit, Customer Security & Trust role will focus on driving proactive civil litigation matters, legal and technical innovation, and external outreach and engagements to defend against cyberattacks and threats directed at Microsoft, its customers, and democratic institutions.
Microsoft’s DCU is a global team of attorneys, investigators, and analysts committed to leading the fight against cybercrime to protect our customers and promote global trust in Microsoft. Through strategic partnerships with Microsoft’s unparalleled Threat Intelligence community, fraud and abuse teams, and engineering support, the DCU develops and employs innovative legal and technical strategies to detect, disrupt, and deter cybercriminals, nation-state actors, and cyber-enabled fraud actors. The DCU is a member of the Customer Security & Trust (CST) team within Microsoft’s Corporate, External, and Legal Affairs (CELA).
The DCU takes affirmative action to defend against online threats and actors. Since its inception, the DCU has filed lawsuits against approximately 30 malware families, nation-state actors and the developers of prolific cybercrime tools (including cybercrime-as-a-service). In partnership with governments and Internet Service Providers, the DCU has identified and shared information from these actions to remediate approximately 500 million victims worldwide, while also using the intelligence gained in these operations to better secure Microsoft’s products and services against cyber threats. We see these lawsuits both as a deterrent to cybercriminals – especially when we can identify the actors and share this information with law enforcement, often in the form of criminal referrals for prosecution – and as a shield for our customers, allowing us to takedown harmful criminal infrastructure and potentially seek financial remedies to recover stolen funds.

QUALIFICATIONS

Required/Minimum Qualifications

• Juris Doctor Degree or international equivalent degree AND 6+ years experience as a practicing attorney
• OR equivalent experience.
• Active license to practice law in a jurisdiction and capable of meeting admission requirements in relevant jurisdiction.
• Experience translating complex technical findings for a broad range of stakeholders, such as law enforcement, legal counsel, and executives

Additional or Preferred Qualifications

• A desire to learn, grow, and drive change
• A collaborative and team-first mindset
• Experience engaging with government officials and law enforcement, including Department of Justice (DOJ), FBI, and foreign equivalents.
• Experience handling complex criminal investigations and litigation, including violations under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), Access Device Fraud (18 U.S.C. § 1029), Racketeer Influenced and Corrupt Organizations (18 U.S.C. § 1961), and Lanham Act (18 U.S.C. § 2320).
• Experience handling complex civil litigation, including intellectual property claims, such as the Digital Millennium Copyright Act (DMCA).
• Experience developing, evaluating, and executing high-impact strategic projects, and the ability to adapt to quickly shifting guidance and priorities.
• Familiarity with the Electronic Communications Privacy Act (ECPA) and other laws and regulations governing disclosure of and access to electronically stored data.
• Experience with managing projects and partnering with cross-functional teams.
• Experience working in or with technology companies or emerging technologies, including artificial intelligence (AI), and ability to understand complex technical issues.
• Experience with high-risk incident response within internet or technology companies, including expertise in privacy, data security, or consumer protection subject matter.

Legal Counsel IC5 - The typical base pay range for this role across the U.S. is USD $141,800 - $248,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $179,300 - $268,900 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until December 5, 2024.

RESPONSIBILITIES

AI has the potential to change the world, and Microsoft is committed to advancing ethical principles about its use and to identifying and combatting its misuse. Moreover, technology quickly changes, as do the threats and malicious activity.
In this role, you will confront some of the most prolific cybercrimes, including ransomware and other malware, business email compromise (BEC) and account takeover attacks, tech support fraud, and the array of online scams, and some of the most sophisticated cyber actors, including financially motivated networks and state-sponsored groups. You will have the opportunity to work side-by-side and collaborate with world-class threat intelligence and security teams across the company to help drive strategies to investigate and disrupt cybercrime to protect our service and customers. Most significantly, you will make the online ecosystem a safer place for users globally.

RESPONSIBILITIES:

• Work independently and on cross-discipline teams on various projects relating to investigations, litigation, and enforcement actions.
• Oversee the collection and production of accurate information in drafting of court filings, law enforcement referrals, and internal/external cybersecurity reporting.
• Develop and implement legal and technical strategies to scale the DCU’s operations, including the ongoing incorporation of AI technology.
• Provide legal advice on government requests for data and voluntary disclosures of data.
• Engage with government officials, industry representatives, and customers regarding various cybersecurity and cybercrime issues.