Senior Data Security Engineer

Company Description J.S. Held, a global consulting firm providing specialized technical, scientific, financial, and advisory services, is seeking a Senior Data Security Engineer to lead the design, implementation, and governance of enterprise data security programs across platforms such as Microsoft 365, Box, Azure, and emerging AI platforms. This role is critical to protecting sensitive client and corporate information, ensuring regulatory compliance, and advancing the firm’s data protection capabilities in a rapidly evolving threat landscape. The ideal candidate will bring deep technical expertise in cloud data security, DLP technologies, and AI security frameworks, combined with strong collaboration skills to work across IT, compliance, legal, and business units. Job Description Key Responsibilities Data Loss Prevention (DLP) & Information Protection Design, implement, and manage enterprise DLP policies across Microsoft Purview, Box Shield, Azure Information Protection, and third‑party DLP solutions Configure and optimize sensitivity labels, classification taxonomies, and automated data discovery workflows to identify and protect sensitive information Conduct regular DLP effectiveness assessments and refine policies based on emerging threats and business requirements Microsoft 365 Security & Governance Secure data within the Microsoft 365 environment including Exchange, Teams, Office 365, Copilot, Power Platform, etc. Configure and maintain audit logging, insider risk management, data loss prevention and communication compliance features Collaborate with IT teams to enforce security baselines, device compliance policies, and secure collaboration practices across Teams, SharePoint, and OneDrive Azure Data Security & Cloud Protection Design and implement Azure data security controls using tools such as Azure Defender and other Cloud Security Posture Management (CSPM) tools Deploy and manage Microsoft Defender for Cloud (formerly Azure Security Center) to monitor security posture and remediate vulnerabilities Implement data governance frameworks using Azure Purview for data cataloging, lineage tracking, and compliance scanning Conduct cloud security assessments and ensure adherence to CIS/SOC2 Azure Benchmarks and Microsoft Cloud Security Benchmark AI Security & Emerging Technologies Develop and implement security controls and guardrails for AI/ML platforms including Azure AI Services, Microsoft 365 Copilot, and other generative AI tools Establish data security best practices for AI training data, model inputs/outputs, and AI-generated content in accordance with CISA and other guidance Monitor AI system access , prompt injection risks, data exfiltration attempts, and adversarial attacks on AI models (DSPM for AI) Collaborate with security, infrastructure, and other engineering teams to implement privacy‑preserving techniques and secure AI development lifecycle practices Qualifications Education Bachelor’s degree in computer science, Information Security, Cybersecurity, or related technical field Experience Minimum 7 years of progressive experience in enterprise data security, information protection, or cybersecurity engineering Minimum 5 years of hands‑on experience with Microsoft 365 security and compliance tools (Microsoft Purview, Defender suite, Azure AD/Entra ID) Minimum 3 years of experience with Azure security services and cloud data protection Experience with AI/ML security or securing generative AI platforms in enterprise environments (preferred but not required) Experience in consulting, professional services, or financial services organizations is strongly preferred Technical Skills Deep expertise in Microsoft 365 security stack (Purview DLP, Defender for Endpoint/Office 365/Cloud Apps, Entra ID, Conditional Access) Strong proficiency with Azure security services (Defender for Cloud, Key Vault, Azure Policy, Azure Firewall, Azure Sentinel) Hands‑on experience with Box Shield, Box Governance, and Box Platform APIs Advanced knowledge of DLP technologies, data classification frameworks, and information rights management (IRM) Proficiency in scripting/automation using PowerShell, Python, or similar languages for security automation Experience with SIEM/SOAR platforms and security analytics tools Understanding of AI/ML security concepts including data poisoning, model extraction, prompt injection, and adversarial attacks Familiarity with compliance frameworks (NIST CSF, CIS Controls, ISO 27001/27701, GDPR, CCPA) Professional Competencies Strong analytical and problem‑solving skills with ability to assess complex security challenges Excellent communication skills – able to translate technical concepts for non‑technical stakeholders and executive leadership Collaborative mindset – proven ability to work effectively with cross‑functional teams including IT operations, legal, compliance, HR, and business units Project management capabilities – experience leading security initiatives from conception through implementation Customer service orientation – responsive and solutions‑focused when supporting internal stakeholders Continuous learning mentality – commitment to staying current with evolving threats, technologies, and best practices Work Environment & Location Location: Remote Work Hours: Standard business hours (8:30 am – 5:30 pm) Preferred Certifications Microsoft Certified: Azure Security Engineer Associate (AZ‑500) Microsoft Certified: Information Protection and Compliance Administrator Associate (SC‑400) Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC‑900) Certified Cloud Security Professional (CCSP) Additional Information J.S. Held understands all our employees are people and sometimes life needs flexibility. We work to always provide an environment that best supports and suits our team’s needs. Our flexible work environment allows employees to work remotely when needed Generous Annual Leave Policy Comprehensive Medical Insurance Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. By submitting your application, you acknowledge that you have read the J.S. Held Online Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as required and described therein. California residents can click here to learn more about the personal information we collect and here to learn about additional privacy rights that may be available. Please explore what we’re all about at EEO and Job Accommodations We embrace diversity and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. We are greater when we are equal J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. If you are an individual with a disability and would like to request for a reasonable accommodation, please email and include “Applicant Accommodation” within the subject line with your request and contact information. #J-18808-Ljbffr