Job Description

Details:
Exciting opportunity in Hyderabad! We"re looking for a Microsoft 365 Security specialist with hands-on experience in Purview DLP, Endpoint DLP, and sensitivity label governance.
You"ll drive a structured program - from quick-win visibility scans to building a sustainable DLP framework with label-aware access controls, triage runbooks, and pilot-to-production rollouts.
If you have 5-8+ years in Microsoft 365 security, proven expertise in Conditional Access/MDCA session controls, and a track record of translating pilot initiatives into enterprise-ready solutions, this role could be for you.
What you"ll do (responsibilities)
Program architecture & governance
Design a right?sized DLP program plan: Scope, milestones, RACI, and stakeholder cadence aligned to Phase 1-3 (Visibility & Quick Wins ? Classification Foundations ? Label?Aware Enforcement & Operational Readiness).
Produce a DLP Triage Runbook (alert flows, escalation paths, SLAs, remediation steps) and a Governance 'Quick Wins' checklist to sustain operations after the trial.
Define and obtain prerequisites: admin access, pilot user/site scope, device?management alignment (SCCM/Intune), and decision makers for weekly reviews.
Policy Management: Develop, implement, and manage DLP policies tailored
to endpoint devices using Microsoft Purview, ensuring data protection and
compliance.
Reporting and Analytics: Generate detailed reports on DLP incidents, trends,
and system performance using Microsoft Purview for management review.
System Maintenance: Perform troubleshooting of endpoint DLP systems
within Microsoft Purview to ensure optimal performance.
Deep understanding of various M365 services, such as SharePoint Online, Teams, OneDrive, and related applications. Which includes managing site collections, libraries, lists, and workflows to optimize user experience.
Strong understanding of architecture, security, permissions management, and content organization.
Microsoft Purview & classification
Collaborate with business owners to finalize a sensitivity label taxonomy (names, markings, protection settings) and author end?user guidance.
Configure auto?label policies in simulation, analyze detection accuracy, and tune to reduce false positives before enforcement.
Endpoint DLP (OneDrive/SharePoint & Office)
Architect and implement Endpoint DLP to control exfiltration paths tied to OneDrive sync and Office apps (e.g., print/copy/upload/USB/network share as appropriate), with targeted pilots and minimal disruption.
Establish monitoring, alert routing, and evidence capture for Endpoint DLP incidents; iterate policies from simulation ? audit ? block with business sign?off. (Anchored to pilot deliverables and DLP expansion in Phase 3.)
Label?aware access & session controls
Implement label?aware Conditional Access or Defender for Cloud Apps (MDCA) session controls so access/download behavior respects content sensitivity (e.g., restrict downloads of 'Confidential' content on unmanaged devices while allowing benign access to 'General').
Operational readiness & reporting
Stand up baseline?post?pilot metrics and simple dashboards for visibility (e.g., sensitive data heatmaps, enforcement events, user impact, false?positive rate).
Run weekly status calls and decision logs; deliver pilot configuration docs for CA/DLP, auto?label simulation results, and the approved label taxonomy.
Job Requirements
Details:
BASIC JOB REQUIREMENTS:

• Microsoft Purview Information Protection & DLP; Sensitivity Labels (MIP/AIP).
• Endpoint DLP tied to OneDrive/SharePoint and Office apps.
• Microsoft Entra ID (Conditional Access), Microsoft Defender for Cloud Apps (session controls).
• Device?management alignment with SCCM/Intune; awareness of current Okta MFA with Entra ID federation and status of Azure AD Join to design practical, label?aware controls in Client"s hybrid identity/device context.

Required qualifications * 5-8+ years in Microsoft 365 security with hands?on Purview DLP and Endpoint DLP; strong record of pilot?to?production rollouts.

• Proven delivery of sensitivity label taxonomy, auto?label simulations, and runbook?driven DLP operations.
• Deep experience with Conditional Access and MDCA session policies for label?aware access/download controls.
• Ability to translate pilot constraints (50 hours / 3 months) into prioritized, measurable outcomes with light?touch governance.
• Nice to have :

PowerShell/Graph API automation; KQL; experience aligning CA/Intune device compliance for unmanaged vs. managed user scenarios noted in the environment overview.
#LI-RS3
Pay Range:
Based on Experience

Skills Required