About this role
This role is a senior technical leader who designs and continuously measures enterprise data security and Data Loss Prevention architectures. The architect applies secure by design and zero trust principles and operationalizes Microsoft Purview and Microsoft Defender controls for audit-ready data protection.
Key Responsibilities
- Develop and evolve enterprise data security and data loss prevention architectures
- Integrate data-centric security controls across endpoint, identity, collaboration, storage, and data platforms
- Design and operationalize Microsoft Purview Information Protection and DLP (sensitivity labeling, classification, policy enforcement)
- Architect and implement Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps) to protect data across its lifecycle
- Author and maintain data security and DLP standards aligned to NIST and internal security frameworks
Technical Overview
The architect builds reference architectures and data protection controls spanning endpoint, identity, collaboration, storage, and data platforms, including cryptographic trust services. They implement Microsoft Purview Information Protection/DLP and Microsoft Defender capabilities across Windows, macOS, Windows Server, and Linux, integrating with Varonis Data Security and aligning standards to NIST.
Ideal Candidate
The ideal candidate is a senior cybersecurity architect who designs and operationalizes enterprise data security and Data Loss Prevention controls. They have hands-on architecture experience with Microsoft Purview Information Protection and multiple Microsoft Defender capabilities, and can apply secure by design and zero trust principles across Windows, macOS, Windows Server, Linux, and hybrid environments.
Must-Have Skills
Designingimplementingvalidatingand continuously measuring enterprise data security postureApplying secure by design and zero trust principlesOperationalizing and continuously validating data protection controlsDesign and operationalize Microsoft Purview Information Protection and DLPArchitect and implement Microsoft Defender capabilitiesServe as senior technical authority for data security and DLP across WindowsmacOSWindows Serverand LinuxAligning architectures to business objectivesregulatory requirementsand data classification standardsAuthor and maintain data security and DLP standards and reference architectures aligned to NIST
Tools & Platforms
Microsoft Purview Information ProtectionMicrosoft PurviewMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Defender for Office 365Microsoft Defender for Cloud AppsVaronis Data SecurityNIST
Required Skills
enterprise data security posturedata protection controlsreference architecturessecure by designzero trust principlesendpointidentitycollaborationstoragedata platformscryptographic trust servicesMicrosoft Purview Information ProtectionDLPsensitivity labelingclassificationpolicy enforcementMicrosoft DefenderMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Defender for Office 365Microsoft Defender for Cloud AppsWindowsmacOSWindows ServerLinuxVaronis Data SecurityNISTdata security standardsdata loss prevention standardsaudit readiness
Hard Skills
Enterprise data security postureData protection controlsReference architecturesSecure by design principlesZero trust principlesEndpoint securityIdentity securityCollaboration data securityStorage securityData platform securityCryptographic trust servicesData-centric security controlsLeast privilege principlesMicrosoft Purview Information ProtectionInformation ProtectionMicrosoft Purview Data Loss Prevention (DLP)DLP capabilitiesSensitivity labelingClassificationPolicy enforcementUser experience considerationsMicrosoft Defender capabilitiesMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Defender for Office 365Microsoft Defender for Cloud AppsProtect data throughout its lifecycleWindowsmacOSWindows ServerLinuxMicrosoft Security capabilities integrationVaronis Data SecurityData security standardsData loss prevention standardsNISTTechnical security guardrailsRisk translation into technical requirementsAudit readinessRegulatory risk to deployable testable measurable controlsData classification standardsData security posture measurementData protection maturity
Soft Skills
Senior technical leadershipProactive audit readiness planningTranslating regulatory and business risk into requirementsCollaboration with platform stakeholders and service ownersContinuous improvement mindsetOperationalization and validation of controlsClear technical standards authorship and maintenance
Keywords for Your Resume
Staff Cybersecurity ArchitectData SecurityData Loss Preventionenterprise data security posturedata protection controlsreference architecturessecure by designzero trustendpointidentitycollaborationstoragedata platformscryptographic trust servicesMicrosoft Purview Information ProtectionInformation ProtectionDLPsensitivity labelingsensitivity labelclassificationpolicy enforcementuser experienceMicrosoft DefenderMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Defender for Office 365Microsoft Defender for Cloud AppsWindowsmacOSWindows ServerLinuxVaronis Data SecurityNISTdata security standardsdata loss prevention standards
Deal Breakers
Must have experience designing and operationalizing Microsoft Purview Information Protection and DLP capabilities, Must have experience architecting Microsoft Defender capabilities (Endpoint, Identity, Office 365, Cloud Apps), Must be able to provide data security/DLP authority across Windows, macOS, Windows Server, and Linux
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile