Data Security Engineer

NewGen is seeking a Remediation Engineer to be the primary technical resource responsible for the hands-on deployment, configuration, and integration of BigID and Microsoft Purview to secure the client’s Microsoft 365 ecosystem, with an initial engagement scope strictly focused on SharePoint Online and OneDrive for Business. Reporting directly to the Remediation Lead, this individual will execute the daily technical operations of the project, including tuning classification scanners, applying sensitivity labels, configuring Data Loss Prevention (DLP) enforcement policies, and performing file relocation workflows for Critical, Moderate, and Stale data. The Engineer is responsible for troubleshooting integration issues, validating system performance against architectural requirements, and collaborating with vendor support to ensure the accurate discovery, tagging, and protection of unstructured data within these specific file repositories.

Required Skills/Level of Experience:

• Required: Bachelor’s degree in computer science, Information Technology, or a relevant technical field + a minimum of 2–3 years of hands-on experience in data security, system administration, or network engineering.
• Technical Execution - BigID: Hands-on experience deploying and configuring BigID scanners for unstructured data sources. Proficient in troubleshooting connectivity issues, configuring "Hyperscan" performance tuning, and building custom classifiers using RegEx or NLP training sets.
• Technical Execution - Microsoft Purview: Demonstrated ability to implement data protection controls within the M365 Compliance center. Must be capable of creating Sensitivity Labels, configuring auto-labeling policies for SharePoint/OneDrive, and testing DLP rule behavior (e.g., blocking external sharing) in a live environment.
• Scripting & Automation: Proficiency in PowerShell is essential. The candidate needs to be able to write scripts to interact with the Microsoft Graph API or BigID API for bulk tasks, such as generating reports on labeled files or automating the relocation of "stale" data to archive folders.
• Operational Troubleshooting: Strong analytical skills to diagnose integration breaks between BigID and Purview (e.g., labels not applying, scan failures). Ability to read audit logs and work with vendor support tickets to resolve technical blockers.
• Team Collaboration & Communication: Excellent written and verbal communication skills are required for documenting configuration changes ("Runbooks") and effectively communicating technical progress or blockers to the Remediation Lead and project stakeholders.
• Must have one of the following: Security + CE, CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, CND, CASP CE, CISSP, CSSLP

Duties:

• Platform Configuration, Tuning & Policy Management (40%): Perform hands-on configuration of BigID scanners and Microsoft Purview policies; tune classification logic, sensitivity labels, and DLP rules to ensure high-fidelity detection with minimal false positives.
• Remediation Execution (Labeling, Enforcement & Relocation) (30%): Execute the technical workflows to apply sensitivity labels, enforce blocking/encryption actions, and relocate stale or high-risk files (ROT) to secure repositories.
• Integration Troubleshooting & Vendor Support (15%): Diagnose and resolve technical issues related to API connectivity, scan failures, or label mismatches; work directly with vendor support tickets to resolve product bugs or limitations.
• Scripting, Automation & Documentation (15%): Develop PowerShell scripts to automate bulk remediation tasks or reporting; maintain detailed technical "runbooks" and configuration documentation for all implemented controls.