Job Details
Role: Data Security Remediation Engineer (DSRE)
Location: Remote
Duration: 12+ Months Contract (with possible extension)
Statement of Work:
This initiative focuses on a comprehensive data security transformation designed to discover, classify, and secure unstructured data across the client’s Microsoft 365 SharePoint and OneDrive environments. Leveraging the technical integration of BigID for deep discovery and Microsoft Purview for policy enforcement, the project follows a structured four-phase lifecycle: initially targeting Critical data (Phase 1), expanding to Moderate sensitivity (Phase 2), identifying Low Risk/Stale (ROT) data (Phase 3), and executing comprehensive Remediation (Phase 4). The Remediation Team will drive the execution of this strategy, managing the cross-platform integration to perform essential tasks such as validating classification accuracy, applying sensitivity labels, enforcing Data Loss Prevention (DLP) policies, and relocating at-risk files to ensure a compliant and hardened data estate.
Task Description:
The Remediation Engineer serves as the primary technical resource responsible for the hands-on deployment, configuration, and integration of BigID and Microsoft Purview to secure the client’s Microsoft 365 ecosystem, with an initial engagement scope strictly focused on SharePoint Online and OneDrive for Business. Reporting directly to the Remediation Lead, this individual will execute the daily technical operations of the project, including tuning classification scanners, applying sensitivity labels, configuring Data Loss Prevention (DLP) enforcement policies, and performing file relocation workflows for Critical, Moderate, and Stale data. The Engineer is responsible for troubleshooting integration issues, validating system performance against architectural requirements, and collaborating with vendor support to ensure the accurate discovery, tagging, and protection of unstructured data within these specific file repositories.
Required Skills/Level of Experience:
- Required: Bachelor’s degree in Computer Science, Information Technology, or a relevant technical field, plus a minimum of 2–3 years of hands-on experience in data security, system administration, or network engineering.
- Technical Execution - BigID: Hands-on experience deploying and configuring BigID scanners for unstructured data sources. Proficient in troubleshooting connectivity issues, configuring "Hyperscan" performance tuning, and building custom classifiers using RegEx or NLP training sets.
- Technical Execution - Microsoft Purview: Demonstrated ability to implement data protection controls within the M365 Compliance center. Must be capable of creating Sensitivity Labels, configuring auto-labeling policies for SharePoint/OneDrive, and testing DLP rule behavior (e.g., blocking external sharing) in a live environment.
- Scripting & Automation: Proficiency in PowerShell is essential. The candidate needs to be able to write scripts to interact with the Microsoft Graph API or BigID API for bulk tasks, such as generating reports on labeled files or automating the relocation of "stale" data to archive folders.
- Operational Troubleshooting: Strong analytical skills to diagnose integration breaks between BigID and Purview (e.g., labels not applying, scan failures). Ability to read audit logs and work with vendor support tickets to resolve technical blockers.
- Team Collaboration & Communication: Excellent written and verbal communication skills are required for documenting configuration changes ("Runbooks") and effectively communicating technical progress or blockers to the Remediation Lead and project stakeholders.
- Must have one of the following: Security+ CE, CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, CND, CASP CE, CISSP, CSSLP
Nice to have Skills:
- 5+ years of experience
- Certifications:
  - BigID Certification: Active Certified BigID Security Professional is highly preferred (specifically covers Remediation & Labeling apps). Alternatively: Completion of the BigID Privacy, Security & Data Governance track.
  - Microsoft Compliance Certification: Active Microsoft Certified: Information Protection Administrator Associate (SC-400) is strongly desired.
  - CISSP
- Understanding and experience with NIST Special Publication [SP] 800-171
- Familiarity and understanding of United States Executive Order [EO] 14117
PLEASE NOTE:
- Platform Configuration, Tuning & Policy Management (40%): Perform hands-on configuration of BigID scanners and Microsoft Purview policies; tune classification logic, sensitivity labels, and DLP rules to ensure high-fidelity detection with minimal false positives.
- Remediation Execution (Labeling, Enforcement & Relocation) (30%): Execute the technical workflows to apply sensitivity labels, enforce blocking/encryption actions, and relocate stale or high-risk files (ROT) to secure repositories.
- Integration Troubleshooting & Vendor Support (15%): Diagnose and resolve technical issues related to API connectivity, scan failures, or label mismatches; work directly with vendor support tickets to resolve product bugs or limitations.
- Scripting, Automation & Documentation (15%): Develop PowerShell scripts to automate bulk remediation tasks or reporting; maintain detailed technical "runbooks" and configuration documentation for all implemented controls.