Security Architect (Microsoft Purview & AWS)

Hybrid onsite at Jersey City, NJ, 07310 / Dallas, TX, 75019 / Tampa, FL, 33647

Contract to Hire role 
2 round interview process- both zoom 

Notes from HM: 
We are seeking a Senior Security Engineer with deep expertise in Microsoft Purview and Amazon Web Services (AWS) to design, implement, and operate enterprisescale data protection, compliance, and monitoring capabilities across hybrid and multicloud environments.
 
This role is handson and architectureadjacent, with ownership for policy design, automation, integrations, and operational excellence across Microsoft 365 and AWS platforms. The engineer will partner closely with Security Architecture, Cloud Platform, Data Governance, Legal, and Compliance teams to ensure solutions are regulatorready, auditable, and aligned to business risk.

Strong expertise in:

• Microsoft 365 security and compliance services

• Sensitivity labeling, DLP, and data governance concepts

• AWS security fundamentals (IAM, logging, monitoring, guardrails)

• Proven ability to independently own complex initiatives from design through production.

• Strong written and verbal communication skills, including executive and auditorfacing documentation.

Key Responsibilities: 
Microsoft Purview Engineering: Lead design, implementation, and lifecycle management of Microsoft Purview capabilities, including:

• Sensitivity labels and autolabeling strategies

• Enterprisescale Data Loss Prevention (DLP) policies

• Insider Risk Management configuration and tuning

• Records Management, retention, eDiscovery, and audit workflows

• Define technical standards, configuration baselines, and guardrails for Purview services across Microsoft 365 (Exchange, SharePoint, OneDrive, Teams).

• Continuously tune policies using telemetry, alerts, and business impact analysis to reduce false positives and operational friction.

• Act as a senior escalation point for complex Purviewrelated incidents and investigations.

 
AWS Security & Data Protection: Design and implement AWSnative controls supporting data protection, auditability, and compliance, including:

• CloudTrail, Security Hub, and centralized logging pipelines

• IAM roles, permission boundaries, and Service Control Policies (SCPs)

• Integration of AWS telemetry into enterprise SIEM platforms

• Partner with cloud platform teams to ensure AWS services handling sensitive data meet classification, retention, and monitoring requirements.

• Support data protection and oversight for AWShosted analytics, storage, and AI/ML services where applicable.

 
Governance, Risk & Compliance

• Translate regulatory and policy requirements into enforceable technical controls and configurations.

• Produce auditready documentation, architecture diagrams, runbooks, and evidence artifacts.

• Support internal risk assessments, regulatory exams, and control testing activities with clear technical explanations.

 Required Qualifications:

• 6+ years of experience in information security, cloud security, or data protection engineering.

• 4+ years of handson experience implementing Microsoft Purview in large enterprise environments.

 Preferred Qualifications

• Experience in regulated financial services or similarly regulated industries.

• Familiarity with enterprise frameworks such as NIST, ISO 27001, or NYDFS 23 NYCRR 500.

• Experience integrating cloud security telemetry into centralized SIEM platforms.

• Exposure to data security posture management (DSPM) or AIrelated data controls.
   

EEO: 
 Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of   Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.