Microsoft Security Operations Consultant

As a Microsoft Security Operations Consultant, you will be responsible for the following core focus areas and responsibilities: Role Overview: You will be supporting a large enterprise SOC based in Gurgaon with a deep operational focus on Microsoft Purview DLP and Microsoft Defender. Your role will involve hands-on experience in monitoring, investigation, tuning, containment, and recovery across data protection and endpoint security domains. Key Responsibilities: - **Microsoft Purview DLP Core Operations & Incident Response:** - Own end-to-end operations of Microsoft Purview DLP across endpoints, Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams. - Administer and tune DLP policies, sensitivity labels, auto-labeling configurations, and information protection policies. - Monitor, triage, investigate, and respond to DLP alerts and incidents related to data leakage, policy violations, and endpoint-based DLP events. - Perform DLP incident management including alert validation, evidence collection, policy enforcement, and coordination with Legal, HR, Compliance, and IT teams. - Optimize DLP posture by reducing false positives, improving detection accuracy, and aligning controls with compliance requirements. - **Microsoft Defender Endpoint Security Operations:** - Operate and administer Microsoft Defender for Endpoint across Windows endpoints, macOS endpoints, and server workloads. - Conduct 24x7 monitoring, investigation, and response for malware, ransomware, credential theft, suspicious endpoint behaviors, and attack chains. - Lead incident containment and remediation actions, configure and manage ASR rules, endpoint hardening, exploit protection, and device control policies. - Tune Defender alerts and detections to improve signal quality and reduce SOC alert fatigue. - **Incident Management & SOC Operations (Primary Pillar):** - Act as L2/L3 escalation for SOC incidents related to Data Loss Prevention, endpoint security breaches, insider, and external threats. - Manage the complete incident lifecycle, perform hands-on remediation, support shift-based 24x7 SOC operations, and develop incident response runbooks, SOPs, and operational documentation. - Collaborate closely with Network Security, IAM, IT Operations, Compliance, and Risk teams. Qualifications Required: - 48 years of overall IT Security experience - 45 years of hands-on experience with Microsoft Security technologies - Strong background in SOC operations and incident response - Proven experience handling real-world security incidents Additional Company Details: YMinds.AI is a premier talent solutions company specializing in sourcing and delivering elite developers with expertise in cutting-edge technologies. They help global enterprises and fast-growing startups accelerate their product development by connecting them with engineers who excel in building intelligent, scalable, and future-ready systems. Their clients are at the forefront of innovation, and they enable their success by providing exceptional talent that drives technological advancement. As a Microsoft Security Operations Consultant, you will be responsible for the following core focus areas and responsibilities: Role Overview: You will be supporting a large enterprise SOC based in Gurgaon with a deep operational focus on Microsoft Purview DLP and Microsoft Defender. Your role will involve hands-on experience in monitoring, investigation, tuning, containment, and recovery across data protection and endpoint security domains. Key Responsibilities: - **Microsoft Purview DLP Core Operations & Incident Response:** - Own end-to-end operations of Microsoft Purview DLP across endpoints, Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams. - Administer and tune DLP policies, sensitivity labels, auto-labeling configurations, and information protection policies. - Monitor, triage, investigate, and respond to DLP alerts and incidents related to data leakage, policy violations, and endpoint-based DLP events. - Perform DLP incident management including alert validation, evidence collection, policy enforcement, and coordination with Legal, HR, Compliance, and IT teams. - Optimize DLP posture by reducing false positives, improving detection accuracy, and aligning controls with compliance requirements. - **Microsoft Defender Endpoint Security Operations:** - Operate and administer Microsoft Defender for Endpoint across Windows endpoints, macOS endpoints, and server workloads. - Conduct 24x7 monitoring, investigation, and response for malware, ransomware, credential theft, suspicious endpoint behaviors, and attack chains. - Lead incident containment and remediation actions, configure and manage ASR rules, endpoint hardening, exploit protection, and device control policies. - Tune Defender alerts and detections to improve signal quality and reduce SOC alert fatigue. - **Incident Management & SOC Operations (Primary Pi