We are seeking a Data Loss Prevention (DLP) Engineer with 2+ years of experience to support the build, configuration, testing, and rollout of a Microsoft Purview DLP program for a large enterprise environment. The scope focuses on enabling unified detection, protection, and control of sensitive data across endpoints and Microsoft 365 workloads, including Office 365, OneDrive, SharePoint, and Microsoft Teams, as well as optimizing and re-enabling email DLP.
Working under the technical direction of the DLP Architect, you will implement policies and configurations, execute pilots and wave-based deployment, monitor alerts and detection quality, and support tuning and aftercare activities. You’ll collaborate closely with the Project Manager, Compliance Analyst, Data Governance Lead, and Trainer to ensure the solution is effective, scalable, and user-ready.
1) Purview DLP Build & Configuration
• Configure Microsoft Purview DLP policies and rules based on provided design (scoping, conditions, actions, user notifications, overrides/justifications, and enforcement modes).
• Implement policy components correctly and consistently across workloads, following agreed standards and governance.
• Support configuration of classification elements leveraged by DLP (e.g., Sensitive Information Types, sensitivity labels, and workload-specific policy settings).
2) Microsoft 365 Workload Enablement
• Implement and validate DLP coverage across Microsoft 365 workloads, including:
-Exchange Online / Email DLP (re-enable and optimize baseline rules)
-SharePoint Online & OneDrive for Business (including external sharing controls where required)
-Microsoft Teams (policy alignment for chats/messages where applicable; files governed via SharePoint/OneDrive)
• Configure user experience controls such as policy tips/notifications and align them to change/adoption requirements.
3) Endpoint DLP Onboarding & Controls
• Support endpoint onboarding and readiness activities (prerequisites, deployment coordination, validation), aligned to the client’s tooling (e.g., Intune and Defender for Endpoint).
• Configure and test endpoint DLP scenarios (e.g., copying to removable media, printing, uploads to browser/web destinations, and other risky actions), aligned to “monitor → tune → enforce” rollout discipline.
4) Pilot Execution & Wave-Based Rollout
• Execute pilot configurations and validate detections and user prompts with pilot users/business units.
• Support controlled enterprise rollout in waves (e.g., by business unit), including deployment checklists, validation steps, rollback/mitigation plans, and hypercare readiness.
5) Monitoring, Troubleshooting & Policy Tuning Support
• Monitor DLP alerts, event telemetry, and reporting to assess signal quality and operational impact.
• Investigate false positives/false negatives and propose tuning adjustments (rule thresholds, conditions, exclusions, scoping changes) for approval by the DLP Architect and stakeholders.
• Support operational workflows for triage and escalation (service desk and security/compliance stakeholders).
6) Integration & Automation Support
• Assist with integrating DLP alerting into broader security operations workflows (e.g., Microsoft Defender XDR and/or Microsoft Sentinel if used).
• Support automation tasks where required (e.g., reporting workflows, alert routing, operational dashboards), leveraging PowerShell and/or Power Automate as appropriate.
7) Documentation, Handover & Enablement
• Produce and maintain implementation documentation: configuration records, test evidence, operational runbooks, and support guides.
• Support the Trainer and project team with enablement materials, including service desk readiness and end-user guidance (microlearning/policy awareness content).
• 2+ years of experience in DLP, information protection, Microsoft 365 security/compliance, or security engineering.
• Hands-on experience configuring or supporting Microsoft Purview DLP (or closely related Microsoft 365 compliance/security controls) across one or more workloads (Exchange, SharePoint, OneDrive, Teams) and/or endpoints.
• Working understanding of the DLP lifecycle (plan/design, implement, test, monitor, tune, enforce/hypercare).
• Familiarity with key enabling tools and concepts such as:
-Microsoft Purview compliance portal
-Sensitive Information Types (SITs), sensitivity labels, and policy scoping
-PowerShell for administration and reporting support
-Endpoint management/security concepts (e.g., Intune / Microsoft Defender for Endpoint)
• Strong troubleshooting mindset, attention to detail, and ability to follow change control and deployment governance.
• Good communication skills and comfort working in a client-facing, structured delivery environment.
Strong Advantage (Preferred)
• Experience with endpoint DLP at scale (large device populations and wave deployments).
• Experience with DLP policy tips, user prompts, and adoption-focused configurations for SharePoint/OneDrive.
• Exposure to Microsoft security/compliance certifications (e.g., SC-400) or equivalent hands-on capability.
• Experience integrating DLP alerts with SOC workflows and tooling (Microsoft Defender XDR, Sentinel) and/or building operational dashboards (Power BI).
• Experience in regulated environments and alignment with data protection expectations (e.g., GDPR-type obligations).
Success Profile at CGI
• Strong “engineering ownership” mindset: executes clean builds, produces reliable evidence, and follows through on issues to closure.
• Collaborative and coachable: works effectively with the DLP Architect and cross-functional stakeholders (PM, compliance, governance, training, service desk).
• Practical, user-aware approach: balances security controls with real-world usability and business impact.
• Disciplined delivery habits: documentation quality, change control, testing rigor, and operational readiness are non-negotiable.
• Continuous improvement orientation: uses monitoring results and stakeholder feedback to improve detection quality and reduce false positives over time.
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team—one of the largest IT and business consulting services firms in the world.