Description
We are seeking an experienced Data Security & Insider Threat Specialist to help protect sensitive company data from internal misuse, accidental leakage, and intentional exfiltration. This role focuses on preventing and detecting employee-driven data risks, not traditional perimeter hacking.
The ideal contractor has hands-on experience implementing Data Loss Prevention (DLP), endpoint monitoring, and cloud security controls, particularly within Microsoft 365 environments.
Contract | Remote / Hybrid (as needed)
Key Objectives
- Prevent unauthorized copying, forwarding, or exporting of company data
- Detect abnormal employee behavior related to data access
- Establish clear, enforceable data protection controls without disrupting productivity
- Create defensible audit trails and incident response procedures
Responsibilities
Data Loss Prevention & Monitoring
- Design and implement DLP policies to prevent:
  - Copy/paste of sensitive data to unmanaged devices
  - Emailing company data to personal email accounts
  - Uploads to personal cloud storage (Google Drive, Dropbox, iCloud, etc.)
  - Unauthorized USB or removable media usage
- Configure alerts and logging for:
  - Mass file downloads
  - Unusual access patterns
  - Data access prior to employee termination or resignation
Microsoft 365 & Cloud Security
- Implement and manage security controls within Microsoft 365, including:
  - Microsoft Purview DLP
  - Sensitivity labels and data classification
  - Insider Risk Management policies
  - Conditional Access rules
  - Audit logging and reporting
- Secure Outlook, OneDrive, SharePoint, and Teams against data leakage and misuse
Endpoint & User Behavior Security
- Deploy or tune Endpoint Detection & Response (EDR) tools (e.g., Defender for Endpoint, CrowdStrike, SentinelOne)
- Monitor and analyze user behavior analytics (UEBA) to detect insider threats
- Help define “alert vs block” thresholds to balance security and usability
Incident Response & Forensics
- Investigate suspected insider data incidents using audit logs and forensic techniques
- Preserve evidence in a legally defensible manner
- Coordinate with leadership, HR, and legal as needed
- Develop a clean offboarding security checklist for employee exits
Policy & Process Development
- Assist in creating or refining:
  - Acceptable Use Policies
  - Data classification standards
  - Least-privilege access models
  - Insider threat response playbooks
- Provide executive-level explanations of risks, findings, and controls
Required Skills & Experience
- Proven experience in insider threat prevention or data loss prevention
- Strong hands-on experience with Microsoft 365 security
- Familiarity with employee data exfiltration techniques
- Experience implementing or managing DLP and EDR tools
- Ability to communicate clearly with non-technical leadership
Preferred Certifications
One or more of the following is strongly preferred:
- CISSP
- CISM
- CCSP
- GIAC Insider Threat (GITR)
- GIAC Security Essentials (GSEC)
What Success Looks Like
- Clear visibility into how company data is accessed and used
- Reduced risk of employee-driven data leakage
- Well-defined alerts and audit trails for suspicious activity
- Security controls that protect data without harming productivity
- A repeatable, documented approach to insider threat prevention
Engagement Details
- Contract-based engagement
- Initial assessment and implementation phase, with potential ongoing advisory support
- Flexible hours with defined deliverables