Security Analyst/DLP Engineer (Microsoft Security Stack) at NetStone Global Ltd, Newcastle, 6 Months, £Contract Rate

Contract Description

Security Engineer - Microsoft Security Suite (Defender, Purview, Sentinel, KQL)

Key Responsibilities:

  • Administered and enhanced security controls across the Microsoft Security suite, including Microsoft Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Microsoft Purview DLP.

  • Built, optimised, and maintained DLP policies, sensitivity labels, insider risk rules, and data classification controls in Purview.

  • Developed advanced KQL queries for incident investigation, threat hunting, alert tuning, and custom analytics within Microsoft Sentinel and Defender portals.

  • Automated monitoring and detection processes using PowerShell, Python, Logic Apps, and API-based scripting, improving SOC efficiency.

  • Designed and implemented custom monitoring and threat detection use cases, including anomaly detection, data exfiltration patterns, endpoint behaviour triggers, and cloud misuse indicators.

  • Performed incident response and remediation engagements, working closely with SOC, IT, cloud, and business teams to contain and resolve security events.

  • Conducted detailed incident analysis, identifying root causes, assessing impact, and recommending long-term corrective actions.

  • Led policy review and tuning activities, reducing false positives and enhancing rule accuracy across Defender and Purview environments.

  • Drove continuous improvement, defining detection logic enhancements, policy lifecycle governance, and operational monitoring standards.

  • Collaborated with compliance, governance, and IT stakeholders to ensure alignment with GDPR, ISO27001, NIST, and internal security frameworks.

  • Created documentation, playbooks, SOPs, tuning guidelines, and reporting dashboards to support SOC and Security Operations.

Core Skillset & Technologies:

  • Microsoft Security:

    • Microsoft Defender (MDE, MDI, MDA/MDAp, MDC)

    • Microsoft Purview (DLP, Information Protection, Insider Risk)

    • Microsoft Sentinel (SIEM/SOAR)

  • Detection & Analysis:

    • Advanced KQL (queries, detection rules, analytics, hunting)

    • Incident triage & root-cause analysis

    • Behavioural analytics & exfiltration monitoring

  • Scripting & Automation:

    • PowerShell, Python, Logic Apps, REST APIs

  • Security Engineering:

    • Use-case development

    • Alert tuning & optimisation

    • Endpoint, cloud, and data protection

    • Collaboration with IT/security teams for remediation

  • Compliance: GDPR, ISO27001, NIST CSF