Company Description

J.S. Held, a global consulting firm providing specialized technical, scientific, financial, and advisory services, is seeking a Senior Data Security Engineer to lead the design, implementation, and governance of enterprise data security programs across platforms such as Microsoft 365, Box, Azure, and emerging AI platforms. This role is critical to protecting sensitive client and corporate information, ensuring regulatory compliance, and advancing the firm's data protection capabilities in a rapidly evolving threat landscape.

The ideal candidate will bring deep technical expertise in cloud data security, DLP technologies, and AI security frameworks, combined with strong collaboration skills to work across IT, compliance, legal, and business units.

Job Description

Key Responsibilities

Data Loss Prevention (DLP) & Information Protection

Design, implement, and manage enterprise DLP policies across Microsoft Purview, Box Shield, Azure Information Protection, and third-party DLP solutionsConfigure and optimize sensitivity labels, classification taxonomies, and automated data discovery workflows to identify and protect sensitive informationConduct regular DLP effectiveness assessments and refine policies based on emerging threats and business requirements

Microsoft 365 Security & Governance

Secure data within the Microsoft 365 environment including Exchange, Teams, Office 365, Copilot, Power Platform, etc.Configure and maintain audit logging, insider risk management, data loss prevention and communication compliance featuresCollaborate with IT teams to enforce security baselines, device compliance policies, and secure collaboration practices across Teams, SharePoint, and OneDrive

Azure Data Security & Cloud Protection

Design and implement Azure data security controls using tools such as Azure Defender and other Cloud Security Posture Management (CSPM) toolsDeploy and manage Microsoft Defender for Cloud (formerly Azure Security Center) to monitor security posture and remediate vulnerabilitiesImplement data governance frameworks using Azure Purview for data cataloging, lineage tracking, and compliance scanningConduct cloud security assessments and ensure adherence to CIS/SOC2 Azure Benchmarks and Microsoft Cloud Security Benchmark

AI Security & Emerging Technologies

Develop and implement security controls and guardrails for AI/ML platforms including Azure AI Services, Microsoft 365 Copilot, and other generative AI toolsEstablish data security best practices for AI training data, model inputs/outputs, and AI-generated content in accordance with CISA and other guidanceMonitor AI system access, prompt injection risks, data exfiltration attempts, and adversarial attacks on AI models (DSPM for AI)Collaborate with security, infrastructure, and other engineering teams to implement privacy-preserving techniques and secure AI development lifecycle practices

Qualifications

Education

Bachelor’s degree in computer science, Information Security, Cybersecurity, or related technical field

Experience

Minimum 7 years of progressive experience in enterprise data security, information protection, or cybersecurity engineeringMinimum 5 years of hands-on experience with Microsoft 365 security and compliance tools (Microsoft Purview, Defender suite, Azure AD/Entra ID)Minimum 3 years of experience with Azure security services and cloud data protectionExperience with AI/ML security or securing generative AI platforms in enterprise environments (preferred but not required)Experience in consulting, professional services, or financial services organizations is strongly preferred

Technical Skills

Deep expertise in Microsoft 365 security stack (Purview DLP, Defender for Endpoint/Office 365/Cloud Apps, Entra ID, Conditional Access)Strong proficiency with Azure security services (Defender for Cloud, Key Vault, Azure Policy, Azure Firewall, Azure Sentinel)Hands-on experience with Box Shield, Box Governance, and Box Platform APIsAdvanced knowledge of DLP technologies, data classification frameworks, and information rights management (IRM)Proficiency in scripting/automation using PowerShell, Python, or similar languages for security automationExperience with SIEM/SOAR platforms and security analytics toolsUnderstanding of AI/ML security concepts including data poisoning, model extraction, prompt injection, and adversarial attacksFamiliarity with compliance frameworks (NIST CSF, CIS Controls, ISO 27001/27701, GDPR, CCPA)

Professional Competencies

Strong analytical and problem-solving skills with ability to assess complex security challengesExcellent communication skills – able to translate technical concepts for non-technical stakeholders and executive leadershipCollaborative mindset – proven ability to work effectively with cross-functional teams including IT operations, legal, compliance, HR, and business unitsProject management capabilities – experience leading security initiatives from conception through implementationCustomer service orientation – responsive and solutions-focused when supporting internal stakeholdersContinuous learning mentality – commitment to staying current with evolving threats, technologies, and best practices

Work Environment & Location

Location: RemoteWork Hours: Standard business hours (8:30am – 5:30pm)

Preferred Certifications

Microsoft Certified: Azure Security Engineer Associate (AZ-500)Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400)Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)Certified Cloud Security Professional (CCSP)

Additional Information

Some of the Benefits We Have Include

J.S. Held understands all our employees are people and sometimes life needs flexibility. We work to always provide an environment that best supports and suits our team’s needs.

Our flexible work environment allows employees to work remotely when neededGenerous Annual Leave PolicyComprehensive Medical Insurance

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

By submitting your application, you acknowledge that you have read the J.S. Held Online Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as required and described therein. California residents can click here to learn more about the personal information we collect and here to learn about additional privacy rights that may be available.

Please explore what we’re all about at www.jsheld.com.

EEO and Job Accommodations

We embrace diversity and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. We are greater when we are equal!

J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

If you are an individual with a disability and would like to request for a reasonable accommodation, please email [email protected] and include “Applicant Accommodation” within the subject line with your request and contact information.

#LI-SC1