
Cyber Security Engineer

Job in Milwaukee, Milwaukee County, Wisconsin, 53244, USA
Listing for: MARS Solutions Group
Full Time position
Listed on 2025-12-23
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

We’re seeking a senior cybersecurity engineer to design, build, and operationalize enterprise‑grade data protection capabilities anchored in Microsoft E5. You will lead engineering for Microsoft Purview (Information Protection & DLP, eDiscovery/Audit), Sensitivity Labels, and related guardrails—integrating telemetry and enforcement through Zscaler, CrowdStrike, and Splunk. This role bridges secure‑by‑default platform engineering with pragmatic automation to protect regulated data (e.g., PHI/PII). Senior leadership has prioritized accelerating Copilot and E5 controls adoption, creating a high‑impact opportunity to shape how we protect data across SaaS and AI workloads.

What You’ll Do
  • Design and implement Microsoft Purview DLP policies (endpoint, Exchange, SharePoint, OneDrive, Teams) and Sensitivity Label taxonomy with automated enforcement paths.
  • Build policy‑as‑code pipelines (CI/CD) to version, test, and deploy DLP rules, label configs, and governance artifacts in multiple environments.
  • Integrate Zscaler SSE inspection with Purview controls; route events to Splunk for analytics, dashboards, and detections that close visibility and enforcement loops.
  • Leverage CrowdStrike telemetry (e.g., Falcon/Shield) to correlate endpoint behaviors with data movement signals for insider risk and exfiltration use cases.
  • Develop services and workflows (e.g., Azure Functions, Logic Apps, Graph API) to auto‑remediate mislabels, revoke risky shares, and notify data owners.
  • Implement secure‑by‑default configuration baselines and drift detection for E5 security controls (MCAS/Defender for Cloud Apps, Conditional Access, etc.).
  • Own reliability for data protection pipelines: SLIs/SLOs, runbooks, and incident playbooks in partnership with the Insider Risk team.
  • Create Splunk content (data models, dashboards, correlation searches) aligned to exfiltration, anomalous access, and label violations.
  • Partner with Privacy and Compliance for audit‑ready controls (eDiscovery/Audit), evidence, and exception processes.
  • Work with PSO, IAM, and Insider Risk to align label taxonomy and enforcement with business workflows and least privilege access.
  • Provide technical leadership and mentoring for engineers/analysts rolling out new E5 features and operational support.
Required Qualifications
  • 5+ years engineering experience in enterprise security or platform engineering; hands‑on with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery).
  • Proven expertise building policy as code for DLP/labels (GitHub/Azure DevOps), and automating Graph/PowerShell administration.
  • Demonstrated ability to design secure‑by‑default guardrails and support rapid SaaS/AI adoption (including Copilot) without compromising compliance.
Nice to Have
  • Strong background in data protection for regulated data (PII/PHI), insider risk detection, and evidence‑driven investigations.
  • Production experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (TA configs, CIM, correlation searches).
  • Experience migrating from legacy DLP (e.g., Forcepoint) to Microsoft DLP; building vendor‑neutral dictionaries and detection logic.
  • Familiarity with MCAS/Defender for Cloud Apps, conditional‑access policies, and SSPM evaluations.
  • Background in HIPAA/PHI audit support and exception governance workflows.
Success Metrics (first 6–12 months)
  • DLP policy efficacy: reduction in unauthorized shares/exports; mean time to remediate violations.
  • Label coverage & accuracy: percentage of sensitive content labelled; false‑positive/negative rate trends.
  • Telemetry integration: end‑to‑end event flow (Purview → Zscaler/CrowdStrike → Splunk) with actionable detections.
  • Secure‑by‑default adoption: number of guardrails implemented; drift detected/resolved; Copilot controls baselined.
  • Audit readiness: evidence completeness for eDiscovery/Audit; exception closure rates.
  • Data flows: Exchange/SharePoint/OneDrive/Slack, endpoints, web proxies, CASB/SSE.
Seniority Level

Mid‑Senior level

Employment Type

Contract

Job Function

Information Technology

Industries

Business Consulting and Services
