IT Security Engineer - Purview and Sentinel Lead - Full Time, Days (Remote) 11491
Please mention DailyRemote when applying
AI Summary
Serve as the primary subject matter expert for Microsoft Purview and Sentinel to manage data governance and security operations. Responsible for designing detection capabilities and maintaining the organization's data protection posture in a healthcare environment.
Position Summary
The Purview and Sentinel Lead serves as the organization's primary subject matter expert for Microsoft Purview (compliance, data governance, and eDiscovery) and Microsoft Sentinel (cloud-native SIEM/SOAR). This role is responsible for the design, operation, and continuous improvement of the organization's data protection posture and security operations detection capabilities across a multi-facility healthcare environment.
Key Responsibilities
- Microsoft Sentinel - SIEM/SOAR Operations: Own the architecture, configuration, and day-to-day health of the Microsoft Sentinel environment, including workspace design, data connector management, and cost optimization
- Microsoft Purview - Compliance & Data Governance: Design and administer the organization's Microsoft Purview compliance posture, including Information Protection, Data Loss Prevention (DLP), Insider Risk Management, Communication Compliance, and Audit solutions
- Detection Engineering & Threat Intelligence: Maintain a detection engineering lifecycle - ideate, build, validate, tune, and retire - for Sentinel analytic rules based on threat intelligence feeds (H-ISAC, MDTI, CISA advisories)
- Governance, Reporting & Collaboration: Produce regular operational metrics and executive-level reporting on SIEM alert volume, detection coverage, DLP policy effectiveness, and eDiscovery activity
Required Qualifications
- Experience: 2+ years in security operations, compliance engineering, or cloud security roles with direct hands-on experience in Microsoft Sentinel and/or Microsoft Purview
- Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or equivalent practical experience
- Certifications (Required or Expected Within 12 Months):
- Microsoft Security Operations Analyst Associate (SC-200)
Technical Skills:
- Advanced KQL proficiency - analytic rules, hunting queries, workbooks, and summarization
- Hands-on experience with Sentinel data connectors, DCRs, automation rules, and Logic Apps playbooks
- Working knowledge of Microsoft Purview compliance portal: DLP, sensitivity labels, eDiscovery, litigation holds, and Audit
- Familiarity with Microsoft Defender XDR suite integration (MDE, MDI, MDA, MDO)
- Proficiency with PowerShell and Microsoft Graph API for compliance and security automation
- Understanding of MITRE ATT&CK framework and its application to detection rule development
Pay Rate: Min - $135,000 l Max - $135,000
Job Listing ID: 1791294
Automatically Apply to the Best Remote Jobs
Stop the endless job search. Our AI finds and applies to the best jobs for you.
