Senior Data Security Engineer

Key Responsibilities

Data Loss Prevention (DLP) & Information Protection

• Design implement and manage enterprise DLP policies across Microsoft Purview Box Shield Azure Information Protection and third-party DLP solutions
• Configure and optimize sensitivity labels classification taxonomies and automated data discovery workflows to identify and protect sensitive information
• Conduct regular DLP effectiveness assessments and refine policies based on emerging threats and business requirements

Microsoft 365 Security & Governance

• Secure data within the Microsoft 365 environment including Exchange Teams Office 365 Copilot Power Platform etc.
• Configure and maintain audit logging insider risk management data loss prevention and communication compliance features
• Collaborate with IT teams to enforce security baselines device compliance policies and secure collaboration practices across Teams SharePoint and OneDrive

Azure Data Security & Cloud Protection

• Design and implement Azure data security controls using tools such as Azure Defender and other Cloud Security Posture Management (CSPM) tools
• Deploy and manage Microsoft Defender for Cloud (formerly Azure Security Center) to monitor security posture and remediate vulnerabilities
• Implement data governance frameworks using Azure Purview for data cataloging lineage tracking and compliance scanning
• Conduct cloud security assessments and ensure adherence to CIS/SOC2 Azure Benchmarks and Microsoft Cloud Security Benchmark

AI Security & Emerging Technologies

• Develop and implement security controls and guardrails for AI/ML platforms including Azure AI Services Microsoft 365 Copilot and other generative AI tools
• Establish data security best practices for AI training data model inputs/outputs and AI-generated content in accordance with CISA and other guidance
• Monitor AI system access prompt injection risks data exfiltration attempts and adversarial attacks on AI models (DSPM for AI)
• Collaborate with security infrastructure and other engineering teams to implement privacy-preserving techniques and secure AI development lifecycle practices

Qualifications :

Education

• Bachelors degree in computer science Information Security Cybersecurity or related technical field

Experience

• Minimum 7 years of progressive experience in enterprise data security information protection or cybersecurity engineering
• Minimum 5 years of hands-on experience with Microsoft 365 security and compliance tools (Microsoft Purview Defender suite Azure AD/Entra ID)
• Minimum 3 years of experience with Azure security services and cloud data protection
• Experience with AI/ML security or securing generative AI platforms in enterprise environments (preferred but not required)
• Experience in consulting professional services or financial services organizations is strongly preferred

Technical Skills

• Deep expertise in Microsoft 365 security stack (Purview DLP Defender for Endpoint/Office 365/Cloud Apps Entra ID Conditional Access)
• Strong proficiency with Azure security services (Defender for Cloud Key Vault Azure Policy Azure Firewall Azure Sentinel)
• Hands-on experience with Box Shield Box Governance and Box Platform APIs
• Advanced knowledge of DLP technologies data classification frameworks and information rights management (IRM)
• Proficiency in scripting/automation using PowerShell Python or similar languages for security automation
• Experience with SIEM/SOAR platforms and security analytics tools
• Understanding of AI/ML security concepts including data poisoning model extraction prompt injection and adversarial attacks
• Familiarity with compliance frameworks (NIST CSF CIS Controls ISO 27001/27701 GDPR CCPA)

Professional Competencies

• Strong analytical and problem-solving skills with ability to assess complex security challenges
• Excellent communication skills able to translate technical concepts for non-technical stakeholders and executive leadership
• Collaborative mindset proven ability to work effectively with cross-functional teams including IT operations legal compliance HR and business units
• Project management capabilities experience leading security initiatives from conception through implementation
• Customer service orientation responsive and solutions-focused when supporting internal stakeholders
• Continuous learning mentality commitment to staying current with evolving threats technologies and best practices

Work Environment & Location

• Location: Remote
• Work Hours: Standard business hours (8:30am 5:30pm)

Preferred Certifications

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400)
• Microsoft Certified: Security Compliance and Identity Fundamentals (SC-900)
• Certified Cloud Security Professional (CCSP)

Additional Information :

Some of the Benefits We Have Include

J.S. Held understands all our employees are people and sometimes life needs flexibility. We work to always provide an environment that best supports and suits our teams needs.

• Our flexible work environment allows employees to work remotely when needed
• Generous Annual Leave Policy
• Comprehensive Medical Insurance

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities duties or responsibilities required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.

By submitting your application you acknowledge that you have read the J.S. Held Online Privacy Notice and hereby freely and unambiguously give informed consent to the collection processing use and storage of your personal information as required and described therein. California residents can click here to learn more about the personal information we collect and here to learn about additional privacy rights that may be available.

Please explore what were all about at .

EEO and Job Accommodations

We embrace diversity and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. We are greater when we are equal!

J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce. All qualified applicants will receive consideration for employment without regard to sex gender identity sexual orientation race color religion national origin disability protected Veteran status age or any other characteristic protected by law.

If you are an individual with a disability and would like to request for a reasonable accommodation please email and include Applicant Accommodation within the subject line with your request and contact information.

#LI-SC1

Remote Work :

Yes

Employment Type :

Full-time