We're looking for a

Principal Systems Engineer

This role is Office Based, Mumbai Office

We are seeking a highly skilled Principal Microsoft 365 Security & Compliance Engineer with deep expertise in implementing, managing, and optimizing security controls across our Microsoft ecosystem. The ideal candidate will have extensive hands-on experience with Microsoft Purview, Defender for Endpoint, Azure Active Directory (Entra) Identity Protection, Intune security configurations, and Jamf Pro security management. This role requires demonstrated proficiency in security policy implementation, compliance frameworks, data loss prevention (DLP), and advanced PowerShell scripting for security automation. The successful candidate will drive our security strategy and implement robust compliance protocols across our diverse technology landscape with a focus on protecting sensitive data and maintaining regulatory compliance.

In this role, you will…

Security & Compliance Management

• Design, implement, and maintain comprehensive Data Loss Prevention (DLP) policies across Microsoft 365, including
• Exchange Online, SharePoint Online, OneDrive, and Teams
• Lead the implementation of Microsoft Purview Information Protection for data classification, labeling, and protection across the organization
• Develop and enforce Conditional Access and Zero Trust security policies to secure access to corporate resources
• Ensure compliance with regulatory requirements including HIPAA, FedRAMP, SOC II, GDPR, and CCPA
• Create and maintain security baselines and hardening policies for Windows and macOS endpoints per NIST 800-171 requirements
• Conduct regular security assessments and compliance audits of Microsoft 365 environments
• Lead the implementation of SDLC practices for secure systems implementation and integration

Endpoint Security Management

• Implement and maintain advanced security configurations in Jamf Pro for macOS fleet, including security policies,
• restrictions, and compliance reporting
• Configure and manage Microsoft Defender for Endpoint across all platforms, including threat and vulnerability
• management, attack surface reduction, and response actions
• Design and implement secure Mobile Application Management (MAM) policies to protect corporate data on mobile devices
• Create and enforce endpoint encryption policies for all managed devices
• Implement secure configurations for USB device control and external media protection
• Develop and maintain endpoint security reporting and compliance dashboards

Identity & Access Security

• Implement and manage Azure AD Identity Protection to identify, investigate, and remediate identity-based risks
• Configure and maintain Multi-Factor Authentication (MFA) and Passwordless Authentication strategies
• Design and implement Privileged Access Management solutions for administrative accounts
• Create and maintain secure access policies for all corporate applications and resources
• Implement and maintain security for SharePoint advanced permissions management
• Ensure proper separation of duties and least privilege access principles across all systems

Security Integration & Automation

• Develop Advanced PowerShell scripts to automate security monitoring, reporting, and remediation
• Create integrations using Microsoft Graph API for security data correlation and analysis
• Implement security log collection and analysis across Microsoft 365 services
• Design and implement security integrations between Microsoft security tools and third-party solutions
• Automate security compliance reporting and vulnerability remediation workflows
• Integrate enterprise search solutions like Glean with DLP infrastructure to ensure search results comply with security policies

Security Operations

• Monitor and respond to security incidents and alerts from Microsoft 365 Defender suite
• Provide expert-level troubleshooting for security-related issues across the Microsoft ecosystem
• Develop and maintain security incident response procedures
• Collaborate with IT operations teams to ensure security best practices are followed
• Provide security guidance and consultation for new technology implementations
• Create and deliver security awareness training for end users

You’ve Got What It Takes If You Have…

• 7+ years of experience implementing and managing security solutions within Microsoft 365 environments
• Deep expertise with Microsoft Purview compliance solutions and Data Loss Prevention (DLP) implementation
• Extensive experience with Microsoft Defender for Endpoint and advanced threat protection
• Advanced knowledge of Azure Active Directory security features, including Conditional Access and Identity Protection
• Strong experience with Jamf Pro security management for enterprise macOS environments
• Experience implementing and managing Intune security policies for Windows and mobile devices
• Thorough understanding of compliance frameworks including HIPAA, FedRAMP, SOC II, and GDPR
• Advanced proficiency in PowerShell scripting for security automation and compliance reporting
• Experience with Microsoft Graph API for security management and reporting
• Bachelor's degree in cybersecurity, information systems, or related field (or equivalent experience)

Extra dose of awesome if you have...

• CompTIA Security+ certification
• Certified Information Systems Security Professional (CISSP) certification
• Microsoft 365 Certified: Security Administrator Associate or Microsoft 365 Certified: Enterprise Administrator Expert
• Experience implementing Zero Trust security architectures
• Familiarity with cloud SIEM solutions such as Microsoft Sentinel
• Experience with security automation and orchestration
• Strong verbal and written communication skills with ability to translate technical security concepts to non-technical stakeholders
• This position is critical for maintaining our security posture and compliance status across our Microsoft environment and requires a candidate who can balance robust security controls with business operational needs.

#LI-Onsite

Our Culture:

Spark Greatness. Shatter Boundaries. Share Success. Are you ready? Because here, right now – is where the future of work is happening. Where curious disruptors and change innovators like you are helping communities and customers enable everyone – anywhere – to learn, grow and advance. To be better tomorrow than they are today.

Who We Are:

Cornerstone powers the potential of organizations and their people to thrive in a changing world. Cornerstone Galaxy, the complete AI-powered workforce agility platform, meets organizations where they are. With Galaxy, organizations can identify skills gaps and development opportunities, retain and engage top talent, and provide multimodal learning experiences to meet the diverse needs of the modern workforce. More than 7,000 organizations and 100 million+ users in 180+ countries and in nearly 50 languages use Cornerstone Galaxy to build high-performing, future-ready organizations and people today.

Check us out on LinkedIn, Comparably, Glassdoor, and Facebook!