MS Purview and M365 Defender XDR SME

If you need support in completing the application or if you require a different format of this document, please get in touch with at [email protected] or call TCS London Office number 02031552100 with the subject line: “Application Support Request”.

Role: MS Purview and M365 Defender XDR SME

Job Type: Permanent

Location: London

Are you looking to utilize your skills in Microsoft?

Make a meaningful impact as a MS Purview and M365 Defender XDR SME!

Careers at TCS: It means more

TCS is a purpose-led transformation company, built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters, through challenging projects which demand ambitious innovation and thought leadership.

• Gain exposure to innovative technology.
• Work with customers and identify opportunities to support their strategy and improve various processes across functions.
• Gain access to endless learning opportunities.

The Role

As an MS Purview and M365 Defender XDR SME, you will be a proactive and skilled Microsoft Security Engineer or Analyst tasked with safeguarding digital assets by leveraging a comprehensive suite of Microsoft security technologies. The ideal candidate will have experience using Microsoft Defender XDR for managing and responding to threats, implement Microsoft Purview to ensure data compliance, and secure identities and access through Microsoft Entra ID. Core responsibilities will include threat management, proactive hunting for vulnerabilities, data protection, security posture management, and incident response. All of these will be based on collaborating with other teams to maintain and improve the organization's overall security posture.

Key responsibilities:

• Design, implement, and manage Data Loss Prevention (DLP) policies to prevent unauthorized data sharing including deploying and maintaining Information Protection policies (AIP/MPIP), such as sensitivity labels.
• Configure and monitor policies to detect, investigate, and act on malicious or unintentional activities that could lead to data leakage or security incidents.
• Monitor and investigate communications within the organization to detect and address potential violations of corporate policy or regulatory standards.
• Manage and secure user, group, and workload identities including administering App & Enterprise App registrations and managing guest access for B2B (business-to-business) and B2C (business-to-consumer) scenarios.
• Develop and manage Conditional Access (CA) policies to enforce granular access controls, including Multi-Factor Authentication (MFA), based on user, device, and location.
• Implement and manage Self-Service Password Reset (SSPR) and Password Writeback to ensure seamless and secure user experience.
• Act as a subject matter expert for the core components of the Defender XDR suite.
• Manage endpoint protection, detection, and response across our device fleet.
• Protect against email-based threats, including phishing, malicious attachments, and compromised links.
• Monitor on-premises Active Directory signals to identify and investigate threats related to compromised identities.
• Enforce security policies and provide threat protection across our cloud applications.
• Prioritize and address critical vulnerabilities and misconfigurations based on a risk-based assessment.
• Work with internal IT and other security teams to ensure the effectiveness of the platform.
• Serve as a point of contact for external services like Microsoft Defender Experts for proactive hunting and expert guidance.
• Document incident response procedures, create reports on security posture, and provide regular briefings to leadership.
• Implement policies for records management and retention to ensure that data is retained according to legal and business requirements and securely disposed of when no longer needed.
• Utilize DSPM capabilities to understand data risk, identify sensitive data across the environment, and implement controls to mitigate including managing data security posture related to AI applications and models.
• Support legal and compliance teams by utilizing Purview's eDiscovery and audit capabilities for investigations.
• Utilize Microsoft Entra ID Protection to identify and respond to compromised credentials and other identity-based risks.
• Work closely with the Defender for Identity team to monitor on-premises Active Directory signals for threats.
• Implement and maintain Privileged Identity Management (PIM) and Privileged Access Management (PAM) to provide just-in-time (JIT) access and enforce the principle of least privilege.
• Ensure the proper configuration and integration of various authentication protocols, including SAML, OAuth, OIDC, and SCIM for application and service provisioning.
• Secure Bring Your Own Device (BYOD) and other device access by implementing device-based access policies and configurations.

Your Profile

Essential skills/knowledge/experience

• Previous experience in a cybersecurity role, with a strong focus on Microsoft security solutions.
• In-depth practical knowledge of the Microsoft security stack, including Defender XDR, Purview, and Entra ID.
• Experience with scripting languages, particularly PowerShell, for automation and management.
• Familiarity with common cybersecurity frameworks and attack methodologies, such as the MITRE ATT&CK framework.
• Microsoft Certified: Security Operations Analyst Associate (SC-200; SC-300; SC-400).
• Certified Information Systems Security Professional (CISSP).

Desirable skills/knowledge/experience:

• Excellent analytical and problem-solving abilities.
• Strong communication and collaboration skills to work effectively with technical and non-technical teams.
• A proactive mindset and the ability to adapt to a fast-paced, evolving threat landscape.

Rewards & Benefits

TCS is consistently voted as a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop, phone, access to extensive training resources and discounts within the larger Tata network.

We offer health & wellness initiatives and sports events; we are the proud sponsors of the London Marathon.

Diversity, Inclusion and Wellbeing

Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the UK Equality Act 2010 and the UK Human Rights Act 1998.

We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role.

As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at [email protected] if you would like to opt in.

If you are an applicant who needs any adjustments to the application process or interview, please contact us at [email protected] with the subject line: “Adjustment Request” or call TCS London Office 02031552100 / +44 204 520 2575 to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process.

Beware of Fraudulent offers

This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail, and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to [email protected] to report any fraudulent activity.

Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion.

Join us and do more of what matters. Apply online now.