IT Security Analyst, Sr

Job Description

Remaining Positions :

Details :

Exciting opportunity in Hyderabad! We're looking for a Microsoft 365 Security specialist with hands-on experience in Purview DLP , Endpoint DLP , and sensitivity label governance.

You'll drive a structured program - from quick-win visibility scans to building a sustainable DLP framework with label-aware access controls, triage runbooks, and pilot-to-production rollouts.

If you have 5-8+ years in Microsoft 365 security, proven expertise in Conditional Access / MDCA session controls, and a track record of translating pilot initiatives into enterprise-ready solutions, this role could be for you.

What you'll do (responsibilities)

Program architecture & governance

Design a rightsized DLP program plan : Scope, milestones, RACI , and stakeholder cadence aligned to Phase 1-3 (Visibility & Quick Wins Classification Foundations LabelAware Enforcement & Operational Readiness).

Produce a DLP Triage Runbook (alert flows, escalation paths, SLAs, remediation steps) and a Governance 'Quick Wins' checklist to sustain operations after the trial.

Define and obtain prerequisites : admin access , pilot user / site scope, devicemanagement alignment ( SCCM / Intune), and decision makers for weekly reviews.

Policy Management : Develop, implement, and manage DLP policies tailored

to endpoint devices using Microsoft Purview, ensuring data protection and

compliance.

Reporting and Analytics : Generate detailed reports on DLP incidents, trends,

and system performance using Microsoft Purview for management review.

System Maintenance : Perform troubleshooting of endpoint DLP systems

within Microsoft Purview to ensure optimal performance.

Deep understanding of various M365 services, such as SharePoint Online, Teams, OneDrive, and related applications. Which includes managing site collections, libraries, lists, and workflows to optimize user experience.

Strong understanding of architecture, security, permissions management, and content organization.

Microsoft Purview & classification

Collaborate with business owners to finalize a sensitivity label taxonomy (names, markings, protection settings) and author enduser guidance.

Configure autolabel policies in simulation , analyze detection accuracy, and tune to reduce false positives before enforcement.

Endpoint DLP (OneDrive / SharePoint & Office)

Architect and implement Endpoint DLP to control exfiltration paths tied to OneDrive sync and Office apps (e.g., print / copy / upload / USB / network share as appropriate), with targeted pilots and minimal disruption.

Establish monitoring, alert routing, and evidence capture for Endpoint DLP incidents iterate policies from simulation audit block with business signoff. (Anchored to pilot deliverables and DLP expansion in Phase 3.)

Labelaware access & session controls

Implement labelaware Conditional Access or Defender for Cloud Apps ( MDCA ) session controls so access / download behavior respects content sensitivity (e.g., restrict downloads of 'Confidential' content on unmanaged devices while allowing benign access to 'General').

Operational readiness & reporting

Stand up baselinepostpilot metrics and simple dashboards for visibility (e.g., sensitive data heatmaps, enforcement events, user impact, falsepositive rate).

Run weekly status calls and decision logs deliver pilot configuration docs for CA / DLP , autolabel simulation results , and the approved label taxonomy .

Job Requirements

Details :

BASIC JOB REQUIREMENTS :

• Microsoft Purview Information Protection & DLP Sensitivity Labels (MIP / AIP).
• Endpoint DLP tied to OneDrive / SharePoint and Office apps.
• Microsoft Entra ID (Conditional Access), Microsoft Defender for Cloud Apps (session controls).
• Device management alignment with SCCM / Intune awareness of current Okta MFA with Entra ID federation and status of Azure AD Join to design practical, label aware controls in Client's hybrid identity / device context.

Required qualifications

PowerShell / Graph API automation KQL experience aligning CA / Intune device compliance for unmanaged vs. managed user scenarios noted in the environment overview.

#LI-RS3

Pay Range : Based on Experience

Skills Required

Sccm, Intune, Dlp, Powershell, conditional access