Applied Systems is seeking an Infrastructure Security Engineer with deep expertise in the Microsoft Defender and Purview security ecosystems to design and operate our data protection and endpoint security infrastructure. You'll own the deployment and optimization of Microsoft Purview data governance and DLP, and Cloud App Security (CASB) capabilities across our Microsoft 365 environment. This role is perfect for an engineer who specializes in data security and has built real expertise with Microsoft's modern security stack, you'll work on high-impact initiatives around data classification, breach prevention, compliance automation, and endpoint threat response. You'll have the autonomy to own specific security domains while collaborating with cross-functional teams and incident response.
Responsibilities
Design, implement, and maintain security controls across the Microsoft Defender suite and data protection platforms
Design and deploy Microsoft Purview solutions including data classification, labeling, DLP, information barriers, and records management
Implement and manage Microsoft Purview Compliance Manager and audit logging for regulatory compliance
Design and maintain data security controls including Data Loss Prevention (DLP), encryption, and classification strategies
Conduct security reviews and threat modeling of data flows and information governance models
Implement and optimize Microsoft Cloud App Security (CASB) capabilities for SaaS application security and visibility
Develop and maintain runbooks for data breach procedures and incident response involving Defender and Purview solutions
Contribute to security monitoring, detection tuning, and alerting across Defender and Purview platforms
Assist with proof-of-concept builds for new Microsoft Defender and Purview capabilities
Participate in the Security Engineering Team on-call rotation
Requirements
Minimum of 3 years' experience in security engineering or data security, with hands-on work with Microsoft security products
Advanced hands-on experience with modern DLP solutions
Demonstrated experience designing and implementing Microsoft Purview solutions for data governance and compliance
Working knowledge of Data Loss Prevention (DLP) design, policy creation, and tuning across email, Teams, and endpoints
Strong understanding of data classification and sensitivity labeling strategies in Microsoft 365 environments
Experience with Microsoft Cloud App Security (CASB) or equivalent CASB technologies for SaaS visibility and control
Advanced knowledge of Windows and/or macOS operating systems, particularly regarding Defender for Endpoint agent deployment and management
Experience with one or more scripting languages (PowerShell, Python, Bash, C#)
Knowledge of encryption technologies and key management in Microsoft 365 context
Understanding of audit logging, threat intelligence integration, and advanced hunting in Defender platforms
Knowledge of compliance frameworks and their application in cloud environments (SOC 2, HIPAA, GDPR, PCI-DSS)
Demonstrated ability to work with systems at scale
Excellent written and verbal communication skills
Strong problem-solving abilities and attention to detail
Preferred Qualifications
Hands-on experience with Microsoft Purview Compliance Manager and regulatory compliance automation
Working knowledge of Microsoft Entra ID (formerly Azure AD) integration with Defender and Purview solutions
Familiarity with Azure infrastructure (Azure Firewall, Network Security Groups, etc.)
Experience with infrastructure-as-code technologies (Terraform, ARM templates, Bicep)
Microsoft security certifications (Security Engineer, Enterprise Administrator, or similar)
Experience with SIEM/SOAR integration with Microsoft Defender solutions
Skills Required
- Minimum of 3 years' experience in security engineering or data security
- Hands-on work with Microsoft security products (Microsoft Defender suite, Purview)
- Advanced hands-on experience with modern DLP solutions
- Designing and implementing Microsoft Purview solutions for data governance and compliance
- DLP design, policy creation, and tuning across email, Teams, and endpoints
- Strong understanding of data classification and sensitivity labeling strategies in Microsoft 365
- Experience with Microsoft Cloud App Security (CASB) or equivalent CASB technologies
- Advanced knowledge of Windows and/or macOS operating systems for Defender for Endpoint deployment and management
- Experience with one or more scripting languages (PowerShell, Python, Bash, C#)
- Knowledge of encryption technologies and key management in Microsoft 365
- Understanding of audit logging, threat intelligence integration, and advanced hunting in Defender platforms
- Knowledge of compliance frameworks and their application in cloud environments (SOC 2, HIPAA, GDPR, PCI-DSS)
- Demonstrated ability to work with systems at scale
- Excellent written and verbal communication skills
- Strong problem-solving abilities and attention to detail
- Hands-on experience with Microsoft Purview Compliance Manager and regulatory compliance automation
- Working knowledge of Microsoft Entra ID (Azure AD) integration with Defender and Purview solutions
- Familiarity with Azure infrastructure (Azure Firewall, Network Security Groups)
- Experience with infrastructure-as-code technologies (Terraform, ARM templates, Bicep)
- Microsoft security certifications (Security Engineer, Enterprise Administrator, or similar)
- Experience with SIEM/SOAR integration with Microsoft Defender solutions
Applied Systems Compensation & Benefits Highlights
-
Healthcare Strength — Coverage begins on the first day, spanning medical, dental, vision, mental health resources, wellness incentives, and FSAs. Life and disability insurance are also included as part of the core package.
-
Parental & Family Support — Six weeks of paid parental leave for all parents (birth or adoption) is provided, alongside fertility benefits, childcare and eldercare resources, and onsite mother’s rooms. Family medical leave and broader caregiving resources are also highlighted.
-
Leave & Time Off Breadth — Time off extends beyond vacation and holidays to include paid sick time, a birthday day, volunteer time, floating holidays, wellness days, and bereavement leave. Remote/hybrid flexibility under a “Work Reimagined” model complements formal leave with location flexibility.
Applied Systems Insights
What We Do
Transforming the insurance industry is ambitious, we know. That’s why at Applied, we’re building a team that shows up every day ready to learn, willing to try new things, and driven to deliver innovative software and services that make us indispensable to our customers – all within a culture built on values that make us indispensable to each other, too. At Applied, we have a mission and a vision that guide us, values that anchor us, and a determination to achieve that propels us forward. We push the boundaries of innovation to solve the biggest challenges in insurance – helping us earn the title of indispensable partner from our customers. Our teammates show up as they are, creating an authentic environment that fosters collaboration, curiosity and connections – and one that doesn’t waste time on the unnecessary confines of corporate bureaucracy or hierarchy. No matter the role or title, you have a voice at the table, space to work hard and achieve, and unending opportunities to be a great teammate.
Why Work With Us
Our commitment to you is simple: when you bring your best, we promise you a place where amazing career moments are made possible.
Gallery
Applied Systems Teams
Applied Systems Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
At Applied, we trust that our people will achieve the outcomes and deliver high-impact results to our customers, in whatever way - hybrid, in-person, or remote - that works best for them.




.png)