Microsoft Security Operations Consultant – MS DLP (IP&G, Purview) & Defender for Endpoint (MDE)

YMinds.AI

5 - 10 years

Bengaluru

Posted: 10/01/2026

Job Description

About the Role

Our client is seeking an experienced Microsoft Security Operations Consultant with strong hands-on expertise in Microsoft Purview DLP (Information Protection & Governance) and Microsoft Defender for Endpoint (MDE) to support 24x7 SOC operations from their Gurgaon office.

This is an operations-focused role, requiring deep experience in administration, monitoring, investigation, tuning, and incident response within an enterprise SOC environment. The consultant will play a key role in data protection, endpoint security operations, compliance support, and continuous security optimization.

Key Responsibilities

Microsoft Purview DLP & IP&G (Operations & Administration)

  • Administer and support Microsoft Purview DLP policies across:
    • Endpoint
    • Exchange Online
    • SharePoint Online
    • OneDrive
    • Microsoft Teams
  • Manage and tune:
    • Sensitivity labels
    • Auto-labeling policies
    • Information Protection policies
  • Monitor, investigate, and respond to DLP alerts, incidents, and policy violations
  • Tune DLP policies to reduce false positives while maintaining strong data protection
  • Support audit, compliance, and regulatory requirements (e.g., GDPR)
  • Create and maintain SOPs, runbooks, and operational documentation
  • Coordinate with SOC, IT, Legal, and Compliance teams during incidents

Engagement Type


Contract / Consultant

Initial term: 6 Months (Extendable based on performance and business needs)


Work Mode & Locations


  • Work From Office (WFO)
  • Gurgaon
  • 24x7 SOC Operations (Shift-based)

Experience Required

  • 4-8 years overall IT Security experience
  • 4-5 years of hands-on administration experience with Microsoft Security solutions
  • Strong exposure to SOC / Security Operations



Microsoft Defender for Endpoint (MDE) SOC Operations

  • Administer and operate Microsoft Defender for Endpoint across:
    • Windows
    • macOS
    • Servers
  • Monitor, investigate, and respond to MDE alerts and incidents in a 24x7 SOC
  • Perform advanced hunting using KQL to identify suspicious activities
  • Tune detections to reduce alert noise and improve signal quality
  • Implement and manage:
    • Attack Surface Reduction (ASR) rules
    • Endpoint hardening and device control policies
  • Support incident containment, remediation, and root-cause analysis
  • Integrate MDE alerts with SIEM / SOAR platforms (Microsoft Sentinel preferred)


SOC & Security Operations

  • Act as L2/L3 escalation support for SOC teams
  • Participate in shift-based 24x7 monitoring and incident response
  • Support endpoint and server:
    • Containment
    • Isolation
    • Recovery activities
  • Provide daily operational handovers and incident summaries
  • Assist in creating SOC use cases, dashboards, and operational metrics
  • Collaborate with Network, IAM, IT Operations, and Compliance teams

Required Technical Skills

  • Strong hands-on administration experience with:
    • Microsoft Purview DLP & Information Protection
    • Microsoft Defender for Endpoint (MDE)
  • Solid understanding of:
    • SOC operations and incident response workflows
    • Endpoint security, malware, and infostealers
    • Data protection, classification, and governance
  • Working knowledge of:
    • KQL (Kusto Query Language)
    • SIEM tools (Microsoft Sentinel preferred)
    • SOAR integrations and automated playbooks

Preferred Certifications

  • SC-200 Microsoft Security Operations Analyst
  • SC-400 Microsoft Information Protection Administrator
  • AZ-500 or equivalent Microsoft security certifications

Soft Skills

  • Strong operational and troubleshooting mindset
  • Ability to work from office in 24x7 shifts
  • Good communication and documentation skills
  • Ability to work independently in a consultant role
  • Proven experience working in enterprise SOC environments

Why Join

  • Work in a large-scale enterprise SOC environment
  • Gain deep hands-on exposure to Microsoft Purview and Defender ecosystems
  • Opportunity to work on critical security incidents and compliance programs
  • Contract role with extension potential based on performance

Keywords

Microsoft Security Consultant, Microsoft Purview DLP, Information Protection & Governance, Microsoft Defender for Endpoint, MDE, SOC Analyst, Microsoft Sentinel, KQL, Security Operations, Gurgaon Jobs

Hashtags

#MicrosoftSecurity #SOCJobs #DefenderForEndpoint #MicrosoftPurview #DLP #SecurityConsultant #CyberSecurityJobs #GurgaonJobs #HiringNow #SOCOperations
