Job Description

About the Role

Join a specialized team of analysts and engineers dedicated to detecting and responding to insider risk events. This senior-level role focuses on engineering Microsoft E5 tools to strengthen enterprise data protection and insider threat detection capabilities. You will lead the design, build, and operationalization of secure-by-default solutions anchored in Microsoft Purview and related technologies, ensuring compliance and resilience at scale.

Key Responsibilities

• Engineer Secure-by-Default E5 Data Protection
• Design and implement Microsoft Purview DLP policies across endpoints, Exchange, SharePoint, OneDrive, and Teams.
• Develop and maintain Sensitivity Label taxonomy with automated enforcement paths.
• Build Policy-as-Code Pipelines
• Create CI/CD workflows to version, test, and deploy DLP rules, label configurations, and governance artifacts across multiple environments.
• Integrate Security Telemetry
• Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics and detection.
• Leverage CrowdStrike telemetry to correlate endpoint behaviors with data movement signals for insider-risk and exfiltration scenarios.
• Develop Automations & Guardrails
• Build services and workflows (Azure Functions, Logic Apps, Graph API) for auto-remediation, revoking risky shares, and notifying data owners.
• Implement configuration baselines and drift detection for E5 security controls (MCAS, Conditional Access, etc.).
• Operate and Continuously Improve
• Maintain reliability for data protection pipelines, including SLIs/SLOs, runbooks, and incident playbooks.
• Create Splunk dashboards and correlation searches aligned to exfiltration, anomalous access, and label violations.
• Collaborate Across Teams
• Partner with Privacy and Compliance for audit-ready controls and evidence processes.
• Work with IAM, Insider Risk, and platform teams to align label taxonomy and enforcement with business workflows.
• Provide technical leadership and mentorship for engineers and analysts implementing new E5 features.

Required Qualifications

• 5+ years of experience in enterprise security or platform engineering.
• Hands-on expertise with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery).
• Proven ability to build policy-as-code for DLP/labels and automate administration using Graph API and PowerShell.
• Experience designing secure-by-default guardrails for SaaS/AI adoption, including Copilot.

Preferred Qualifications

• Strong background in data protection for regulated data (PII/PHI) and insider-risk detection.
• Experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (CIM, correlation searches).
• Familiarity with MCAS, Defender for Cloud Apps, and conditional access policies.
• Knowledge of HIPAA/PHI audit support and exception governance workflows.

Success Metrics (First 612 Months)

• Improved DLP policy efficacy and reduced unauthorized data movement.
• Increased label coverage and accuracy for sensitive content.
• End-to-end telemetry integration across Purview, Zscaler, CrowdStrike, and Splunk.
• Secure-by-default adoption and Copilot controls baselined.
• Audit readiness with complete evidence and exception closure rates.

Tools & Technologies

• Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk
• Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES)
• Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps

Job Tags

Similar Jobs