Information Security Engineer Sr - Data Loss Prevention (DLP)

The Senior Information Security Engineer supports the organizations cybersecurity efforts by assisting with security projects, access control, and continuous monitoring of the IT environment. This role plays a key part in incident response, auditing, and threat detection, while also maintaining up-to-date documentation and supporting compliance initiatives. The analyst collaborates across departments, resolves help desk tickets, and contributes to the development of a secure infrastructure. Through ongoing training and professional development, the analyst ensures alignment with evolving security standards and best practices., Typical duties may include: Configuring & Managing DLP Solution ' Develop, test, and deploy DLP policies and rules based on business, regulatory (HIPAA, PCI etc.), and compliance requirements. ' Actively monitor the Microsoft Purview compliance portal for alerts and events. This involves investigating, triaging, and responding to DLP incidents, distinguishing between true positives and false positives. ' Analyze, review, and fine-tune DLP rules to improve accuracy, reduce false positives, and minimize disruptions to legitimate business workflows. ' Onboard and configure endpoint devices to prevent data loss (e.g., restricting data copying to USB drives, printing, or uploading to personal cloud storage) via Microsoft Intune or Defender for Endpoint. ' Work with vendors to upgrade, patch, and maintain DLP infrastructure, including agent deployment and management consoles. ' Understand LLMs and the importance of DLP to safeguard data from getting compromised.

Incident Response ' Being able to respond to an incident in case sensitive data gets exfiltrated/ compromised. ' Familiarity with IR processes pertaining to DLP, forensic techniques, and security event escalation workflows. Insider Threat ' Configure & maintain an Insider Threat framework in MS Purview. ' Train and collaborate with the SOC team to monitor Insider Threat logs.

Degrees / Work Experience / School Education: Bachelors of Science in Information Technology or related field (And) Five (5) Years Work Experience related industry experience (clinical or business). (Or) High School Diploma or GED (And) Nine (9) Years Work Experience related industry experience (clinical or business).

Licenses & Certifications: Security + (or) Cisco security certifications GIAC (or) CISSP upon hire or one of these must be obtained within 6 months of accepting position

Work Experience: Four (4) Years Work Experience in a security and compliance role. Ability to evaluate and review a range of information systems and applications to include' Windows, Unix, IBM, Cisco.

We are seeking an experienced Microsoft Purview DLP Engineer to design, implement, and manage our data loss prevention strategy. As a key member of the security team, you will be responsible for safeguarding sensitive information across the enterprise, including Microsoft 365 workloads (Exchange, SharePoint, OneDrive, Teams), endpoint devices, and cloud apps. You will collaborate with cross-functional teams to identify data risks, create, and refine DLP policies, and respond to incidents. The candidate should be able to work in a hybrid model and be ready to come to office when needed., ' Bachelor's degree in Cybersecurity/IT or equivalent experience. ' 2'4+ years of experience with DLP, ideally with MS Purview. ' Hands on experience with M365 ecosystem. ' SC-401 and/or SC-200 certified OR equivalent experience in MS Purview. ' Strong analytical and communication skills. ' Team-oriented with a positive and professional approach. Preferred Qualifications: ' Expertise in MS Purview especially with Data Loss Prevention (DLP), Information Protection, Sensitivity Labels, Insider Risk Management, Audit, and eDiscovery. ' Entra ID (Azure AD) knowledge, Conditional Access, RBAC, MFA, PIM. ' Familiarity with Microsoft Defender suite (Endpoint, Identity, Cloud Apps) and SIEM/SOAR platforms. ' Understanding data classification, PII/PHI/PCI data, and common exfiltration methods (email, web, cloud). ' Knowledge of GDPR, HIPAA, CCPA, PCI-DSS. ' Strong analytical and communication skills.