Microsoft Purview DLP Security Analyst / M365 DLP Support Engineer
Job Description
Job Title: Microsoft Purview DLP Security Analyst / M365 DLP Support Engineer
Employment Period: August/September 2026 to March 2027, with possible yearly renewal
Location: 1 Fusionopolis Way
Working Hours: Monday to Friday, 8:30am to 6:00pm
Engagement Type: Contract / Renewable Term
Role Overview
We are seeking a Microsoft Purview DLP Security Analyst / M365 DLP Support Engineer to support Data Loss Prevention alert monitoring, incident handling, investigation, reporting, user support, and policy improvement activities.
The successful candidate will work closely with security operations, service desk, data owners, business users, compliance teams, and Microsoft Purview SMEs to ensure DLP alerts are properly monitored, investigated, classified, documented, escalated, and improved through continuous policy tuning.
Key Responsibilities
DLP Alert Monitoring & Incident Handling
Monitor DLP alerts from Microsoft Purview DLP Dashboard, Microsoft Defender XDR, email notifications, service desk tickets, and related alerting channels.
Log, track, triage, and classify DLP alerts, including initial investigation of true positives and false positives.
Perform first-level analysis and escalate high-risk or complex incidents to L2 security operations, L3 Purview SMEs, architects, compliance, legal, or other relevant stakeholders where required.
Investigation & Analysis
Perform detailed analysis of DLP incidents to identify root causes, including user behaviour, policy gaps, data misclassification, or process issues.
Validate and document false positives clearly to support policy improvement and operational reporting.
Support forensic analysis and evidence gathering for high-risk DLP incidents where required.
Escalation & Stakeholder Coordination
Coordinate with SOC teams, service desk, business units, data owners, compliance, legal, and IT stakeholders to ensure DLP incidents are handled appropriately and within expected timelines.
Communicate DLP-related issues clearly to both technical and non-technical users.
Policy Tuning & Change Management
Work with L3 SMEs and architects to recommend improvements to DLP policies based on repeated alerts, user feedback, threat trends, false positive patterns, and post-incident findings.
Support DLP change management activities arising from new regulatory requirements, new workloads such as Teams, Copilot or SaaS applications, and post-incident improvements.
Provide practical recommendations to improve DLP policy effectiveness and reduce unnecessary business disruption.
User Support & Awareness
Respond to user-reported DLP issues, including blocked activities, policy alerts, and suspected false positives.
Provide guidance to users on compliant data handling and proper use of sensitive information.
Support communication and awareness activities related to DLP policy enforcement.
Monitor the AI agent and ensure it is running and responding correctly, where applicable.
Reporting & Continuous Improvement
Prepare periodic DLP reports covering alert volumes, top users triggering policies, false positive rates, policy effectiveness trends, recurring issues, and recommended improvements.
Maintain proper documentation of investigations, findings, escalations, and closure actions.
Technical Skills Required
Strong hands-on knowledge of Microsoft Purview DLP is mandatory.
Experience in Microsoft Purview policy configuration, troubleshooting, alert review, and operational support.
Good understanding of DLP across Endpoint, Exchange, SharePoint, Teams, and Microsoft 365 workloads.
Knowledge of Microsoft Defender XDR, Microsoft 365 Compliance Portal, Microsoft Entra, sensitivity labels, data classification, and information protection.
Microsoft Intune experience will be an added advantage.
Operational & SOC Skills
Experience in incident triage, investigation, security alert analysis, ticket handling, true/false positive determination, and basic log analysis.
Experience with ticketing tools such as ServiceNow or similar platforms.
Ability to work with SOC, service desk, compliance, legal, and business stakeholders.
Data Security & Compliance Knowledge
Good understanding of data protection, data classification, data exfiltration risks, insider risk awareness, and DLP control concepts.
Knowledge of Singapore PDPA and data protection practices will be advantageous.
Soft Skills
Strong communication skills with business users and technical stakeholders.
Ability to explain DLP blocks, alerts, and policy enforcement in a professional and user-friendly manner.
Strong analytical thinking, root-cause analysis, documentation, and coordination skills.
Able to work independently while escalating appropriately when needed.
Experience Requirement
3 to 5 years of experience in Microsoft 365, Microsoft Purview, DLP, security operations, end-user support, or L2 support.
Hands-on experience supporting Microsoft Purview DLP in an enterprise environment is strongly preferred.
Preferred Certifications
Microsoft SC-400: Information Protection Administrator
Microsoft SC-200: Security Operations Analyst
Microsoft MS-102: Microsoft 365 Administrator
Microsoft SC-300: Identity and Access Administrator