IT Security Analyst , Sr

Details:

Program architecture & governance

• Design a right‑sized DLP program plan: Scope, milestones, RACI, and stakeholder cadence aligned to Phase 1-3 (Visibility & Quick Wins → Classification Foundations → Label‑Aware Enforcement & Operational Readiness).
• Produce a DLP Triage Runbook (alert flows, escalation paths, SLAs, remediation steps) and a Governance 'Quick Wins' checklist to sustain operations after the trial.
• Define and obtain prerequisites: admin access, pilot user/site scope, device‑management alignment (SCCM/Intune), and decision makers for weekly reviews.
• Policy Management: Develop, implement, and manage DLP policies tailored
  

• Reporting and Analytics: Generate detailed reports on DLP incidents, trends,
  

• System Maintenance: Perform troubleshooting of endpoint DLP systems
  

• Deep understanding of various M365 services, such as SharePoint Online, Teams, OneDrive, and related applications. Which includes managing site collections, libraries, lists, and workflows to optimize user experience.
• Strong understanding of architecture, security, permissions management, and content organization.
  

Microsoft Purview & classification

• Collaborate with business owners to finalize a sensitivity label taxonomy (names, markings, protection settings) and author end‑user guidance.
• Configure auto‑label policies in simulation, analyze detection accuracy, and tune to reduce false positives before enforcement.
  

Endpoint DLP (OneDrive/SharePoint & Office)

• Architect and implement Endpoint DLP to control exfiltration paths tied to OneDrive sync and Office apps (e.g., print/copy/upload/USB/network share as appropriate), with targeted pilots and minimal disruption.
• Establish monitoring, alert routing, and evidence capture for Endpoint DLP incidents; iterate policies from simulation → audit → block with business sign‑off. (Anchored to pilot deliverables and DLP expansion in Phase 3.)
  

Label‑aware access & session controls

• Implement label‑aware Conditional Access or Defender for Cloud Apps (MDCA) session controls so access/download behavior respects content sensitivity (e.g., restrict downloads of 'Confidential' content on unmanaged devices while allowing benign access to 'General').
  

Operational readiness & reporting

• Stand up baseline→post‑pilot metrics and simple dashboards for visibility (e.g., sensitive data heatmaps, enforcement events, user impact, false‑positive rate).
• Run weekly status calls and decision logs; deliver pilot configuration docs for CA/DLP, auto‑label simulation results, and the approved label taxonomy.
  

Details:

BASIC JOB REQUIREMENTS:

• Microsoft Purview Information Protection & DLP; Sensitivity Labels (MIP/AIP).
• Endpoint DLP tied to OneDrive/SharePoint and Office apps.
• Microsoft Entra ID (Conditional Access), Microsoft Defender for Cloud Apps (session controls).
• Device‑management alignment with SCCM/Intune; awareness of current Okta MFA with Entra ID federation and status of Azure AD Join to design practical, label‑aware controls in Client"s hybrid identity/device context. Required qualifications
• 5-8+ years in Microsoft 365 security with hands‑on Purview DLP and Endpoint DLP; strong record of pilot‑to‑production rollouts.
• Proven delivery of sensitivity label taxonomy, auto‑label simulations, and runbook‑driven DLP operations.
• Deep experience with Conditional Access and MDCA session policies for label‑aware access/download controls.
• Ability to translate pilot constraints (50 hours / 3 months) into prioritized, measurable outcomes with light‑touch governance.
• Nice to have : PowerShell/Graph API automation; KQL; experience aligning CA/Intune device compliance for unmanaged vs. managed user scenarios noted in the environment overview.