Data Security Analyst

Primary Purpose

The Data Security Analyst supports the day-to-day administration and continuous improvement of the enterprise Data Protection Program, with a primary focus on Microsoft Purview and CrowdStrike Falcon Data Protection. This role assists with implementing, testing, monitoring, and documenting data loss prevention and insider risk controls across endpoint, email, SaaS, and cloud channels. Working in partnership with Cybersecurity, Legal, HR, Privacy, Enterprise IT, and business stakeholders, the analyst helps investigate alerts, maintain policies, and support data protection processes and workflows. The role provides an opportunity to build hands-on experience with enterprise data protection tools while contributing to the identification, escalation, and resolution of data protection risks and incidents.

Major Responsibilities

• Data Protection Platform Support (Purview & Falcon Data Protection)

Support the administration of Microsoft Purview (Data Loss Prevention, Insider Risk Management, Information Protection / sensitivity labels, and Data Lifecycle Management) and the CrowdStrike Falcon Data Protection module. Assist with policy setup, testing, rollout activities, exception tracking, and basic platform health monitoring under the guidance of senior team members. Maintain runbooks, standard operating procedures, and internal documentation to support consistent execution of data protection processes.

• DLP Policy Support, Testing & Tuning

Assist with creating, testing, and updating data loss prevention policies across endpoint, email, M365 SaaS, browser, and cloud egress channels. Help translate data classification and regulatory requirements into policy rules using available platform capabilities such as sensitive information types, classifiers, Exact Data Match, and document fingerprinting where appropriate. Participate in test validation, monitor policy results, and help identify false positives, exceptions, and opportunities for improvement.

• Insider Risk Monitoring Support

Support the monitoring and maintenance of insider risk policies in Purview Insider Risk Management and complementary detections in Falcon Data Protection. Assist in reviewing potential risk scenarios such as data exfiltration, departing employees, privileged user misuse, and repeated policy violations. Partner with HR, Legal, Privacy, and Employee Relations as needed to support case preparation, documentation, and policy validation while following established privacy and escalation guidelines.

• Alert Triage & Investigation Support

Review and triage data protection alerts and tickets generated by Purview and Falcon Data Protection. Gather relevant details, perform initial analysis, document findings, and escalate higher-risk or more complex issues according to defined procedures. Support investigations of suspected data loss, insider misuse, and policy violations by collecting evidence from available tools and helping maintain complete, accurate case records.

• Reporting, Metrics & Documentation

Assist with preparing recurring reports and metrics related to DLP and insider risk activity, including alert volumes, investigation status, policy trends, and identified gaps. Help maintain documentation that supports governance activities, audit readiness, and periodic policy reviews.

• Stakeholder Coordination & Communication

Work with Cybersecurity, IT teams, system and data owners, HR, Legal, Privacy, and business stakeholders to support data protection activities. Communicate clearly regarding open items, required inputs, documentation needs, and status updates, and participate in working sessions and case reviews as assigned.

• Continuous Improvement & Process Support

Contribute to ongoing improvements in the enterprise Data Protection Program by identifying process gaps, recommending refinements, and supporting updates to detection logic, triage workflows, and investigation playbooks. Assist with automation and AI-enabled process improvements that increase efficiency, consistency, and scalability.

Education

• Bachelor's degree in information technology, Cybersecurity, Information Systems, Computer Science, or a related field, or equivalent experience

Work Experience

• 1 year of experience in information security, cybersecurity operations, IT support, systems administration, compliance, or a related technical field
• Exposure to data protection, data loss prevention, Microsoft security technologies, endpoint security, or incident/case management through coursework, lab work, certifications, prior roles, or project experience.
• Experience supporting alert review, documentation, reporting, policy administration, or investigation-related activities is preferred.
• Experience working with sensitive or confidential information in a professional setting
• Experience standing up or scaling an insider risk program, including partnership with HR and Legal on sensitive casework.
• Exposure to regulatory frameworks relevant to data protection (e.g., GDPR, SOX, PCI-DSS) and to privacy-by-design considerations in monitoring programs.
• Experience integrating DLP/IRM workflows with SOAR platforms and ticketing systems to automate triage and case management.

Knowledge / Skills / Abilities

• Basic understanding of information security and data protection concepts, including sensitive data, data classification, common data handling risks, and common exfiltration channels such as email, uploads, removable media, and cloud sharing.
• Familiarity with Microsoft 365 and foundational awareness of security technologies such as Microsoft Purview, Microsoft Defender, Entra ID, CrowdStrike, SIEM tools, or ticketing systems.
• Ability to learn new tools, processes, and technical concepts quickly and apply them with guidance in a structured environment.
• Strong written and verbal communication skills, with the ability to document findings clearly and communicate professionally with technical and non-technical stakeholders.
• Strong attention to detail, sound judgment, and the ability to handle confidential information with discretion.
• Ability to manage multiple tasks, follow established procedures, and escalate issues appropriately.
• Basic experience with reporting, scripting, query languages, or automation tools is helpful but not required.
• Familiarity with Exact Data Match (EDM), document fingerprinting, and trainable classifiers.
• Experience with data protection coverage across browser and cloud egress (e.g., Netskope, Zscaler) in addition to endpoint and email channels.

Certification / License

Microsoft SC-401 (Information Security Administrator), SC-200 (Security Operations Analyst), MS-500, CrowdStrike CCFA/CCFR, GIAC GCFA or GCIA, or CIPP.