Data Security Remediation Engineer

Job Number: 26-00030 ECLARO is looking for a Data Security Remediation Engineer for our client in Remote, MD. ECLARO’s client is a major technology firm with a prominent presence in large and fast-growing markets, providing products and services that enable businesses and economies to thrive. If you’re up to the challenge, then take a chance at this rewarding opportunity! Position Overview: • This initiative focuses on a comprehensive data security transformation designed to Client, classify, and secure unstructured data across the client's Microsoft 365 SharePoint and OneDrive environments. • Leveraging the technical integration of BigID for deep discovery and Microsoft Purview for policy enforcement, the project follows a structured four-phase lifecycle: initially targeting Critical data (Phase 1), expanding to Moderate sensitivity (Phase 2), identifying Low Risk / Stale (ROT) data (Phase 3), and executing comprehensive Remediation (Phase 4). • The Remediation Team will drive the execution of this strategy, managing the cross-platform integration to perform essential tasks such as validating classification accuracy, applying sensitivity labels, enforcing Data Loss Prevention (DLP) policies, and relocating at-risk files to ensure a compliant and hardened data estate. Responsibilities: • The Remediation Engineer serves as the primary technical resource responsible for the hands-on deployment, configuration, and integration of BigID and Microsoft Purview to secure the client's Microsoft 365 ecosystem, with an initial engagement scope strictly focused on SharePoint Online and OneDrive for Business. • Reporting directly to the Remediation Lead, this individual will execute the daily technical operations of the project, including tuning classification scanners, applying sensitivity labels, configuring Data Loss Prevention (DLP) enforcement policies, and performing file relocation workflows for Critical, Moderate, and Stale data. • The Engineer is responsible for troubleshooting integration issues, validating system performance against architectural requirements, and collaborating with vendor support to ensure the accurate discovery, tagging, and protection of unstructured data within these specific file repositories. • Platform Configuration, Tuning & Policy Management: Perform hands-on configuration of BigID scanners and Microsoft Purview policies; tune classification logic, sensitivity labels, and DLP rules to ensure high-fidelity detection with minimal false positives. • Remediation Execution (Labeling, Enforcement & Relocation): Execute the technical workflows to apply sensitivity labels, enforce blocking / encryption actions, and relocate stale or high-risk files (ROT) to secure repositories. • Integration Troubleshooting & Vendor Support: Diagnose and resolve technical issues related to API connectivity, scan failures, or label mismatches; work directly with vendor support tickets to resolve product bugs or limitations. • Scripting, Automation & Documentation: Develop PowerShell scripts to automate bulk remediation tasks or reporting; maintain detailed technical "runbooks " and configuration documentation for all implemented controls. Required Qualifications: • Technical Execution - BigID: Hands-on experience deploying and configuring BigID scanners for unstructured data sources. Proficient in troubleshooting connectivity issues, configuring "Hyperscan " performance tuning, and building custom classifiers using RegEx or NLP training sets. • Technical Execution - Microsoft Purview: Demonstrated ability to implement data protection controls within the M365 Compliance center. Must be capable of creating Sensitivity Labels, configuring auto-labeling policies for SharePoint / OneDrive, and testing DLP rule behavior (e.g., blocking external sharing) in a live environment. • Scripting & Automation: Proficiency in PowerShell is essential. The candidate needs to be able to write scripts to interact with the Microsoft Graph API or BigID API for bulk tasks, such as generating reports on labeled files or automating the relocation of "stale " data to archive folders. • Operational Troubleshooting: Strong analytical skills to diagnose integration breaks between BigID and Purview (e.g., labels not applying, scan failures). Ability to read audit logs and work with vendor support tickets to resolve technical blockers. • Team Collaboration & Communication: Excellent written and verbal communication skills are required for documenting configuration changes ("Runbooks") and effectively communicating technical progress or blockers to the Remediation Lead and project stakeholders. • Must have one of the following: Security + CE, CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, CND, CASP CE, CISSP, CSSLP. Preferred Skills: • 5+ years of experience. • Understanding and experience with NIST Special Publication [SP] 800-171. • Familiarity and understanding of United States Executive Order [EO] 14117. If hired, you will enjoy the following ECLARO Benefits: • 401k Retirement Savings Plan administered by Merrill Lynch • Commuter Check Pretax Commuter Benefits • Eligibility to purchase Medical, Dental & Vision Insurance through ECLARO If interested, you may contact: Melissa Francisco Melissa.Francisco@eclaro.com 646-849-5125 Melissa Francisco | LinkedIn Equal Opportunity Employer: ECLARO values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status, in compliance with all applicable laws.