Tier4 Group
Senior Cyber Security Engineer - 4825 (Milwaukee)
Tier4 Group, Milwaukee, Wisconsin, United States, 53244
About the Role
Join a specialized team of analysts and engineers dedicated to detecting and responding to insider risk events. This senior-level role focuses on engineering Microsoft E5 tools to strengthen enterprise data protection and insider threat detection capabilities. You will lead the design, build, and operationalization of secure-by-default solutions anchored in Microsoft Purview and related technologies, ensuring compliance and resilience at scale.
Key Responsibilities
Engineer Secure-by-Default E5 Data Protection
Design and implement Microsoft Purview DLP policies across endpoints, Exchange, SharePoint, OneDrive, and Teams.
Develop and maintain Sensitivity Label taxonomy with automated enforcement paths.
Build Policy-as-Code Pipelines
Create CI/CD workflows to version, test, and deploy DLP rules, label configurations, and governance artifacts across multiple environments.
Integrate Security Telemetry
Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics and detection.
Leverage CrowdStrike telemetry to correlate endpoint behaviors with data movement signals for insider-risk and exfiltration scenarios.
Develop Automations & Guardrails
Build services and workflows (Azure Functions, Logic Apps, Graph API) for auto-remediation, revoking risky shares, and notifying data owners.
Implement configuration baselines and drift detection for E5 security controls (MCAS, Conditional Access, etc.).
Operate and Continuously Improve
Maintain reliability for data protection pipelines, including SLIs/SLOs, runbooks, and incident playbooks.
Create Splunk dashboards and correlation searches aligned to exfiltration, anomalous access, and label violations.
Collaborate Across Teams
Partner with Privacy and Compliance for audit-ready controls and evidence processes.
Work with IAM, Insider Risk, and platform teams to align label taxonomy and enforcement with business workflows.
Provide technical leadership and mentorship for engineers and analysts implementing new E5 features.
Required Qualifications
5+ years of experience in enterprise security or platform engineering.
Hands-on expertise with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery).
Proven ability to build policy-as-code for DLP/labels and automate administration using Graph API and PowerShell.
Experience designing secure-by-default guardrails for SaaS/AI adoption, including Copilot.
Preferred Qualifications
Strong background in data protection for regulated data (PII/PHI) and insider-risk detection.
Experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (CIM, correlation searches).
Familiarity with MCAS, Defender for Cloud Apps, and conditional access policies.
Knowledge of HIPAA/PHI audit support and exception governance workflows.
Success Metrics (First 6-12 Months)
Improved DLP policy efficacy and reduced unauthorized data movement.
Increased label coverage and accuracy for sensitive content.
End-to-end telemetry integration across Purview, Zscaler, CrowdStrike, and Splunk.
Secure-by-default adoption and Copilot controls baselined.
Audit readiness with complete evidence and exception closure rates.
Tools & Technologies
Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk
Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES)
Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps