Job description

About NorthMark Strategies NorthMark Strategies is a multi-strategy investment advisory firm that provides strategic advice, asset management, and value-added professional services to investors, investment managers, and privately owned operating companies around the world. Our company’s mission is to integrate world class investments, operational excellence, and exceptional talent. Our values are Integrity, Ability, and Energy, and the company aims to hire individuals who possess those qualities. Our company offers a dynamic environment where individuals have the freedom to lead companies toward bold achievements by embracing innovation, leveraging technology, and fostering differentiated business strategies. We provide individuals with the opportunity to extend beyond boundaries and be in an optimal position to unlock exceptional value and drive unprecedented growth. About the Role: As a Cyber Defense Engineer, you will play a critical role in strengthening and maturing the Insider Threat Program for a rapidly growing investment firm and its affiliated entities. This is a highly technical and specialized role responsible for engineering and scaling enterprise-grade insider threat defenses, with a strong focus on Microsoft Purview Insider Risk Management, Data Loss Prevention (DLP), and User and Entity Behavior Analytics (UEBA) platforms. The successful candidate will bring technical expertise, with a proven ability to design and implement scalable policies that protect sensitive information. This role is critical in evolving detection and response capabilities, partnering with stakeholders to identify sensitive data, and ensuring insider threat protections align with business priorities. Responsibilities Include, but Are Not Limited to: • Architect and optimize Microsoft Purview Insider Risk Management to detect, triage, and respond to potential insider risks, ensuring alignment with regulatory, legal, and business requirements. • Engineer and refine enterprise DLP policies across endpoints, cloud services, and collaboration platforms to prevent data exfiltration and misuse. • Develop advanced insider threat detection use cases, leveraging telemetry, behavioral analytics, and UEBA models to identify anomalous activities, privilege misuse, and data handling risks. • Design, implement, and tune monitoring systems that track user behavior, data access patterns, movement of sensitive data, and abnormal workflows to proactively detect emerging threats. • Lead technical investigations of insider threat alerts and incidents, applying deep forensic techniques, correlation across SIEM/EDR/DLP systems, and behavioral context analysis. • Design, deploy, and tune DLP policies to protect sensitive data across email, endpoints, SharePoint, OneDrive, and Teams. • Enhance sensitivity labeling and auto-labeling policies to improve coverage and accuracy. • Ensure multi-tenant policy consistency while respecting regional and regulatory requirements. • Collaborate with Cyber Defense Operations analysts to fine-tune insider threat alerts and reduce false positives. • Partner with HR, Legal, Compliance, Business team, and IT to identify sensitive and regulated data types requiring monitoring and protection. • Translate business needs into actionable DLP and insider threat use cases. Requirements and Qualifications: • Minimum 6+ years of experience in cybersecurity engineering, insider threat or SOC engineering. • Hands-on expertise with Microsoft Purview Insider Risk Management and DLP policy creation/tuning • Strong knowledge of sensitivity labels, auto-labeling, and classification strategies • Experience deploying and managing solutions across multiple Microsoft 365 tenants. • Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent work experience) • Familiarity with threat hunting, MITRE ATT&CK framework, and incident response methodologies. • Excellent analytical, communication, and problem-solving skills.

Requirements