hirist

Job Description

Description :

We are seeking a highly skilled Cybersecurity Expert with 7.5 to 10 years of overall experience and a minimum of 4 years of hands-on experience in Microsoft Defender for Office 365 (MDO), Mimecast Email Security, and Microsoft Purview Data Loss Prevention (DLP).


This is an individual contributor role. The candidate will lead engineering, operations, and incident response activities to strengthen enterprise email security, protect sensitive data, and respond to advanced threats.


Key Responsibilities :


Email Security Engineering & Operations :

- Design, implement, and manage MDO policies for phishing, malware, and advanced threat protection.

- Continuously monitor email flow in the Mimecast and MDO portals and highlight trends and insights to the customer.

- Review SOC analyst performance on email security cases and create or update the relevant documentation.

- Track emerging threats and attack vectors that adversaries can exploit in the email security domain.

- Implement custom rules to detect Business Email Compromise (BEC), phishing attempts, and spoofing.

- Integrate Defender for Office 365 telemetry (Safe Links click events, phishing detections, compromised-account alerts) into the SIEM for centralized monitoring.

- Implement advanced filtering rules that address organization-level threats specific to the customer's threat profile.

- Administer and optimize Mimecast Email Security solutions, including gateway policies, spam filtering, and archiving.

- Conduct regular tuning of rules, policies, and threat intelligence feeds to reduce false positives and enhance detection.

- Support audit processes by providing necessary documentation and reports.


Data Loss Prevention (DLP) :

- Engineer and maintain Microsoft Purview DLP policies across email, endpoints, and cloud apps.

- Demonstrate strong hands-on experience across all Microsoft Purview modules.

- Demonstrate a strong understanding of data classification, data discovery, and data protection.

- Define and categorize sensitive data using automatic and trainable classifiers to detect and label data.

- Collaborate with business units to define sensitive data classifications and enforce compliance requirements.

- Monitor DLP alerts, investigate incidents, and recommend remediation strategies on a timely basis.


Incident Response :

- Lead investigations of email-borne threats, phishing campaigns, and data leakage incidents.

- Perform forensic analysis of suspicious emails, attachments, and URLs.

- Coordinate containment, eradication, and recovery steps with SOC and IT teams.

- Document incident findings and provide executive-level reporting.


Governance & Compliance :

- Ensure alignment with regulatory frameworks (GDPR, HIPAA, PCI-DSS, etc.).

- Maintain audit readiness and support compliance assessments.


Stakeholder Engagement :

- Act as SME for email security and DLP in cross-functional projects.

- Provide training and awareness sessions for IT and business teams.

- Conduct regular phishing email simulations to assess user awareness and identify security behaviour gaps.

- Deliver daily/weekly dashboards and metrics to leadership.


Soft Skills :

- Strong analytical and problem-solving abilities.

- Excellent communication and documentation skills.

- Ability to work cross-functionally with SOC, Governance, IT, and Compliance teams.

- Proactive mindset toward threat identification and risk mitigation.


Reporting :

- Prepare weekly reports for the customer in an agreed format.

- Prepare monthly reports for the customer in an agreed format.

- Prepare ad hoc reports when required.


Required Skills & Experience :

- Hands-on experience with Microsoft Defender for Office 365 (MDO).

- Strong understanding of email security concepts (BEC, phishing, spoofing, malware delivery).

- Experience with Mimecast security configuration and administration.


- Deep knowledge of Microsoft Purview Information Protection and DLP ecosystems.

- Proficiency in configuring sensitivity labels, classifiers, encryption policies, and DLP rules.

- Experience integrating Microsoft 365 and Mimecast telemetry into a SIEM (Sentinel, Splunk, QRadar, etc.).

- Knowledge of Conditional Access, Identity Protection, and Zero Trust principles.

- Familiarity with the Microsoft 365 compliance and security portals.

- Understanding of regulatory data protection standards (GDPR, HIPAA, PCI, etc.).

- Ability to prepare and update documentation that improves security and operational performance.

- Experience with incident response in Microsoft 365 environments.

