MS Purview Data Security Engineer – IRM

SUMMARY: Client requires a US-based MS Purview Data Security Engineer to support their Data Security and Insider Risk Management objectives.

HIERARCHY: Reports to Engagement Manager

PRIMARY DUTIES:

• Implement new and updates to Microsoft Purview Insider Risk Management policies
• Implement, test, and maintain Microsoft Purview DLP Sensitive Info Type custom classifiers
• Implement, test, and maintain Microsoft Purview DLP policies
• Perform analysis of user requests associated to Microsoft Purview Auto Labeling data misclassification classification
• Generate and maintain Auto labeling reporting
• Analyze Microsoft Purview DLP alerts to proactively identify opportunities for improvements
• Process change request within the change management system
• Escalate and work with Vendor on service-related issues and incidents

COMPENTENCY: Candidate must have a strong background in Microsoft Purview and Data Loss Protection capabilities in an enterprise environment. Exposure to insider risk management is a plus.

EXPERIENCE:

• 3–5 years of experience in security operations, insider risk management, or data protection within Microsoft 365 environments including Security Compliance.
• Hands-on experience with Microsoft Purview, especially Insider Risk Management, Data Loss Prevention (DLP), and Information Protection.

QUALIFICATIONS:

• Prior experience implementing and managing Microsoft Purview solutions (Insider Risk Management, DLP, Auto Labeling)
• Proficiency in Microsoft Purview Insider Risk Management, including policy creation, alert analysis, and tuning
• Creating and managing Insider Risk Management policies.
• Designing and deploying DLP policies and Sensitive Information Types (SITs).
• Building and tuning custom classifiers (e.g., keyword dictionaries, trainable classifiers).
• Implementing and troubleshooting auto-labeling for sensitivity labels.
• Experience using PowerShell for data ingestion and automation tasks related to Purview
• Familiarity with Microsoft adaptive scopes and security group management
• Experience integrating security services into the Software Development Lifecycle (SDLC)
• Familiarity with ITIL-based change management processes.
• Experience using tools like ServiceNow, Jira, or similar for change requests and incident tracking.
• Ability to escalate and collaborate with Microsoft support or third-party vendors.
• Ability to troubleshoot and analyze Insider Risk Management alerts to identify root causes and optimize policy configurations
• Analyzing DLP alerts and auto-labeling misclassifications.
• Generating reports using Microsoft Purview compliance portal, Power BI, or Kusto Query Language (KQL).
• Identifying trends and recommending policy improvements.
• Skilled in documenting processes, maintaining policy configurations, and generating actionable insights
• Experience working with vendors to escalate and resolve service-related issues
• Understanding of data classification, regulatory compliance (e.g., GDPR, HIPAA), and insider threat detection.
• Knowledge of Microsoft 365 Defender, Microsoft Sentinel, and Azure Information Protection is a plus.
• Strong interpersonal skills with the ability to conduct internal training and knowledge sharing sessions
• Comfortable participating in team meetings to discuss tuning opportunities, issues, and scheduling
• Clear and concise documentation and communication skills across technical and non-technical stakeholders
• Excellent attention to detail
• Strong organizational skills
• Excellent analytical skills
• Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint
• Collaborative team worker – both in person and virtually using MS Teams or similar
• Ability to work as liaison between business and information security / information technology
• Flexibility to accommodate working across different time zones
• Excellent interpersonal communication skills with strong spoken and written English
• Business outcomes mindset
• Solid balance of strategic thinking with detail orientation
• Self-starter, ability to take initiative
• To perform the job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative

REQUIRED EDUCATION: BS in Computer Science, Information Security or related field of study, or equivalent work experience. Relevant certifications such as Microsoft Information Protection Administrator Associate, GIAC Security Operations Certified (GSOC), Certified Information Systems Security Professional (CISSP) or similar is preferred.

LANGUAGE SKILLS: English

PHYSICAL DEMANDS:

• Regular use of hands and fingers to operate a computer keyboard, mouse, and other office equipment.
• Regular, repetitive movements such as typing, mouse movements, and scrolling. Ability to hear and understand spoken communications, both in person and via remote communication tools (e.g., phone, video conferencing).
• Ability to see and read computer screens and printed documents, as well as adjust focus. This includes prolonged periods of looking at a computer screen.