Purview Data Security Engineer (RARR Job 6251)

The Data Security Engineer is responsible for the hands-on configuration deployment and day-to-day operation of data security controls across the Microsoft Purview estate. The role bridges architectural design and operational delivery, building and maintaining the policies, processes, and tooling that keep the program running effectively.

Key Responsibilities

• Configure and maintain Microsoft Purview policies including Sensitive Information Types (SITs), sensitivity labels, auto-labelling rules, and DLP policies across Exchange, SharePoint, OneDrive, Teams, and Endpoint.
• Support deployment and ongoing management of Endpoint DLP, Microsoft Defender for Cloud Apps (MDCA), and the MIP Scanner for a large Enterprise Environment.
• Manage the Sensitive Data Discovery process, maintaining SIT accuracy, reviewing scan outputs, and feeding findings into classification and DLP policy updates.
• Monitor Data Exposure Management findings, identify high-risk repositories, and coordinate remediation with data owners and the Digital Workplace team.
• Triage DLP policy matches, resolve false positives, and escalate emerging patterns or rule changes to the Architect.
• Deliver training and guidance to the Service Desk and Digital Workplace support teams to build operational capability around data security tooling and escalation procedures.
• Produce regular operational metrics and reporting covering policy match rates, classification coverage, exposure findings, and SIT performance.
• Maintain configuration documentation, knowledge base articles, and operational runbooks to support program run activities and governance and compliance reviews.

Skills Experience

• Practical experience configuring Microsoft Purview SITs, sensitivity labels, auto-labelling, and DLP policies. Comfortable producing operational reports and dashboards for program stakeholders.
• Familiarity with Endpoint DLP, Microsoft Defender for Cloud Apps (MDCA), and MIP Scanner. Good communication skills, able to explain policy behavior to non-technical support teams.
• Experience with SharePoint and OneDrive data management, including sharing controls and site structures. Microsoft certifications desirable: SC401, MS500, or equivalent.