JOB DESCRIPTION
Were seeking a senior cybersecurity engineer to design, build, and operationalize enterprise grade data protection capabilities anchored in Microsoft E5. You will lead engineering for Microsoft Purview (Information Protection & DLP, eDiscovery/Audit), Sensitivity Labels, and related guardrailsintegrating telemetry and enforcement through Zscaler, CrowdStrike, and Splunk. This role bridges secure-by-default platform engineering with pragmatic automation to protect regulated data (e.g., PHI/PII) at scale. Senior leadership has prioritized accelerating Copilot and E5 controls adoption, creating a high impact opportunity to shape how we protect data across SaaS and AI workloads.
What Youll Do
Engineer secure-by-default E5 data protection
Design and implement Microsoft Purview DLP policies (endpoint, Exchange, SharePoint, OneDrive, Teams) and Sensitivity Label taxonomy with automated enforcement paths.
Build policy-as-code pipelines (CI/CD) to version, test, and deploy DLP rules, label configs, and governance artifacts in multiple environments.
Integrate Zscaler, CrowdStrike, and Splunk
Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics, dashboards, and detections that close visibility and enforcement loops.
Leverage CrowdStrike telemetry (e.g., Falcon/Shield) to correlate endpoint behaviors with data movement signals for insider risk and exfiltration use cases.
Build automations & guardrails
Develop services and workflows (e.g., Azure Functions, Logic Apps, Graph API) to auto remediate mislabels, revoke risky shares, and notify data owners.
Implement secure-by-default configuration baselines and drift detection for E5 security controls (MCAS/Defender for Cloud Apps, Conditional Access, etc.).
Operate and continuously improve
Own reliability for data protection pipelines: SLIs/SLOs, runbooks, and incident playbooks in partnership with Insider Risk team.
Create Splunk content (data models, dashboards, correlation searches) aligned to exfiltration, anomalous access, and label violations.
Partner with Privacy and Compliance for audit ready controls (eDiscovery/Audit), evidence, and exception processes.
Collaborate across security & platform teams
Work with PSO, IAM, and Insider Risk to align label taxonomy and enforcement with business workflows and least privilege access.
Provide technical leadership and mentoring for engineers/analysts rolling out new E5 features and operational support.
Required Qualifications
5+ years engineering experience in enterprise security or platform engineering; hands-on with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery).
Proven expertise building policy as code for DLP/labels (GitHub/Azure DevOps), and automating Graph/PowerShell administration.
Demonstrated ability to design secure-by-default guardrails and support rapid SaaS/AI adoption (including Copilot) without compromising compliance.
Nice to Have
Strong background in data protection for regulated data (PII/PHI), insider risk detection, and evidence driven investigations.
Production experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (TA configs, CIM, correlation searches).
Experience migrating from legacy DLP (e.g., Forcepoint) to Microsoft DLP; building vendor neutral dictionaries and detection logic.
Familiarity with MCAS/Defender for Cloud Apps, conditional access policies, and SSPM evaluations.
Background in HIPAA/PHI audit support and exception governance workflows.
Success Metrics (first 612 months)
DLP policy efficacy: reduction in unauthorized shares/exports; mean time to remediate violations.
Label coverage & accuracy: % of sensitive content labelled; false positive/negative rate trends.
Telemetry integration: end-to-end event flow (Purview Zscaler/CrowdStrike Splunk) with actionable detections.
Secure-by-default adoption: # of guardrails implemented; drift detected/resolved; Copilot controls baselined.
Audit readiness: evidence completeness for eDiscovery/Audit; exception closure rates.
Tools & Technologies (primary)
Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk
Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES)
Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps
Data flows: Exchange/SharePoint/OneDrive/Slack, endpoints, web proxies, CASB/SSE
...Job Description Simulation & Education Specialist Travel Montana | Teach Clinicians | Improve... ...others, adapting on the fly, and working independently while being part of a supportive... ...& Travel (Read This First)~ Preferred home base: Bozeman, Billings, Three Forks, or...
...Specialty/Competency: International Tax Services Industry/Sector:... ...strategy. These individuals help businesses navigate complex tax... ...lead and deliver value at this level include but are not limited to... ...intend to hire experienced or entry level job seekers who will need...
...We are seeking a skilled Cybersecurity Engineer to design, implement, and maintain robust security solutions to protect our organization's digital assets. The ideal candidate will have real-world experience with current firewall technologies, Threat detection, vulnerability...
...Project Manager (Entry-Level to Senior) Construction | Ground-Up | Tilt-Up, Concrete, Cold Storage Overview We are seeking Project... ...risks and develop solutions Mentor Project Engineers and junior staff Senior Project Manager Lead large, complex ground...
...evidence-based treatment, aimed at improving the quality of life for those we serve. We are currently seeking a Peer Recovery Support Specialist to join our Urgent Recovery Center (URC) team. This role involves providing peer-based recovery support, advocacy, and...