NorthMark Compute & Cloud

nmc2.com

1 Job

65 Employees

About the Company

Pushing the boundaries of high performance compute and cloud.

Listed Jobs

Company Name
NorthMark Compute & Cloud
Job Title
Cyber Defense Engineer - Insider Threat
Job Description
Job Title: Cyber Defense Engineer – Insider Threat

Role Summary:
Design, implement, and scale insider‑threat defenses for a multinational investment firm, focusing on Microsoft Purview Insider Risk Management, DLP, and UEBA. Lead policy architecture, detection use cases, and incident response across Microsoft 365 tenants, ensuring compliance with legal and business requirements.

Expectations:
- Oversee end‑to‑end insider‑threat program, from policy design to investigation.
- Align security controls with regulatory mandates, stakeholder priorities, and organizational risk appetite.
- Reduce false positives while maintaining high detection efficacy.
- Deliver measurable improvement in insider‑risk visibility and response capabilities.

Key Responsibilities:
- Architect and optimize Microsoft Purview Insider Risk Management for detection, triage, and response.
- Engineer enterprise DLP policies across endpoints, cloud services, and collaboration platforms.
- Develop advanced insider‑threat use cases using telemetry, behavioral analytics, and UEBA models.
- Design, deploy, and tune monitoring systems for user behavior and data access patterns.
- Conduct forensic investigations, correlating SIEM/EDR/DLP data and applying behavioral context.
- Enhance sensitivity labeling, auto‑labeling, and classification strategies across M365.
- Ensure multi‑tenant policy consistency while meeting regional compliance.
- Collaborate with Cyber Defense Operations, HR, Legal, Compliance, and IT to define data protection needs.
- Translate business requirements into actionable DLP and insider‑threat use cases.

Required Skills:
- 6+ years in cybersecurity, insider‑threat, or SOC engineering.
- Hands‑on expertise with Microsoft Purview Insider Risk Management and DLP policy creation/tuning.
- Strong knowledge of sensitivity labels, auto‑labeling, classification, and M365 tenant deployment.
- Experience in threat hunting, MITRE ATT&CK, and incident response.
- Analytical, communication, and problem‑solving proficiency.
- Ability to reduce false positives and fine‑tune alert thresholds.

Required Education & Certifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (equivalent experience acceptable).
- Relevant certifications such as Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Security, Compliance, and Identity Fundamentals, or equivalent.
New York City, United States
Hybrid
Mid level
04-11-2025