At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive, and solutions are our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at .
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function: Technology Enterprise Strategy & Security
Job Sub Function: Security & Controls
Job Category: Scientific/Technology
All Job Posting Locations: São Paulo, Brazil
Job Description:
We are searching for the best talent for Cybersecurity Engineer with deep hands-on experience in Microsoft Defender for Office 365 and Microsoft Purview.
The role will design, implement, tune and operate email/office threat protection and data protection controls across the Microsoft 365 environment.
You will lead detection and response for email threats, implement DLP and information protection policies, integrate controls with SIEM/automation, and partner with IT, legal and privacy teams to manage compliance and data governance.
Key Responsibilities
Design, deploy and maintain Microsoft Defender for Office 365 capabilities (anti-phishing, Safe Links, Safe Attachments, mail flow protection, ATP configurations)
Implement and manage Microsoft Purview solutions: Information Protection (sensitivity labels, auto-labeling), Data Loss Prevention (DLP), Records Management and Insider Risk Management
Tune detection rules, policies and analytics to reduce false positives and increase detection efficacy.
Investigate and respond to incidents originating from email/M365 data channels; lead triage, root-cause analysis, remediation and post-incident lessons learned.
Integrate Defender for O365 and Purview telemetry with SIEM (e.g. Azure Sentinel) and SOC playbooks; create and maintain automation (PowerShell, Playbooks, Graph API).
Create and maintain technical documentation, runbooks and standard operating procedures for detection, response and policy lifecycle.
Perform ongoing policy risk assessments, control effectiveness reviews and compliance support for audits and legal requests.
Stay current with Microsoft feature releases and security trends; recommend platform improvements and roadmap items
Required Qualifications
3 years of hands-on experience administering Microsoft 365 security/compliance tools with specific experience in Defender for Office 365 and Microsoft Purview/Information Protection.
Demonstrable experience tuning and operating email threat detection and DLP/information protection policies.
Strong scripting/automation skills (PowerShell required; experience with Graph API, REST or other automation tools a plus).
Experience integrating Microsoft security log sources into SIEM and building detection rules/queries (KQL preferred).
Solid understanding of email protocols, mail flow, phishing techniques, malware delivery vectors and common attacker techniques.
Experience conducting incident investigations and forensic analysis in M365 environments.
Excellent written and verbal communication: can translate technical risk into business impact and create effective playbooks.
Technical Skills & Tools
Microsoft Defender for Office 365 (Safe Links, Safe Attachments, anti-phishing, mail trace, attack simulation)
Microsoft Purview / Compliance Center (sensitivity labels, auto-labeling, DLP, eDiscovery, retention)
Exchange Online, SharePoint Online, OneDrive, Teams administration concepts
PowerShell scripting for Microsoft 365 / Exchange Online
Microsoft Graph API (preferred)
Kusto Query Language (KQL) for analytics/detections
SIEM/Log ingestion (Azure Sentinel, Splunk, etc.)
Threat intelligence and phishing simulation tools
Common forensic and incident response methodologies
Certifications (nice-to-have)
Microsoft 365 Security Administrator Associate (MS-500)
Microsoft Security Operations Analyst (SC-200)
Microsoft Information Protection Administrator (SC-400)
Security CISSP or equivalent industry certifications
Behavioral / Soft Skills
Strong analytical and problem-solving ability with attention to detail
Collaborative mindset; experience working cross-functionally (IT, Legal, HR, Privacy, Compliance)
Able to prioritize under pressure and handle multiple investigations concurrently
Capacity to translate technical findings into business-facing recommendations
Required Skills: Email Security, Microsoft Defender
Preferred Skills: Communication, Corrective and Preventive Action (CAPA), Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Network Optimization, Presentation Design, Process Optimization, Report Writing, Security Policies, Technical Credibility, Technologically Savvy, Training People, Vulnerability Assessments
Required Experience: IC
About Johnson & Johnson
At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s larges ...