Job Responsibilities:
We are looking for a hands-on Security Admin/Analyst to support Microsoft Purview and Microsoft Defender XDR operations, with basic incident management responsibilities. The role will focus on managing DLP/IRM/AIP controls, monitoring security alerts, supporting investigations, and ensuring timely follow-up and reporting.
- Manage and monitor Microsoft Purview capabilities including DLP, Information Protection labels, IRM, and data classification policies.
- Support creation, testing, and tuning of Purview DLP policies to reduce false positives and improve data protection coverage.
- Monitor Microsoft Defender XDR alerts/incidents across endpoint, email, identity, and cloud workloads.
- Perform initial triage of security alerts, validate suspicious activities, and escalate confirmed incidents as per process.
- Support incident response activities including evidence collection, timeline preparation, user/asset validation, and coordination with IT teams.
- Track incidents, policy violations, and remediation actions in ITSM until closure.
- Prepare weekly/monthly dashboards and reports for Purview alerts, XDR incidents, DLP violations, and closure status.
- Maintain runbooks, SOPs, policy documentation, and contribute to continuous improvement of security operations.
Skills and Experience:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 2–4 years of experience in security operations, Microsoft 365 security, DLP, or incident monitoring.