Cybersecurity Engineer (Microsoft Defender, Purview)

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São Paulo, Brazil

Job Description:

We are searching for the best talent for Cybersecurity Engineer with deep hands-on experience in Microsoft Defender for Office 365 and Microsoft Purview.
 

The role will design, implement, tune, and operate email/office threat protection and data protection controls across the Microsoft 365 environment.

You will lead detection and response for email threats, implement DLP and information protection policies, integrate controls with SIEM/automation, and partner with IT, legal, and privacy teams to manage compliance and data governance.

Key Responsibilities

• Design, deploy, and maintain Microsoft Defender for Office 365 capabilities (anti-phishing, Safe Links, Safe Attachments, mail flow protection, ATP configurations)

• Implement and manage Microsoft Purview solutions: Information Protection (sensitivity labels, auto-labeling), Data Loss Prevention (DLP), Records Management, and Insider Risk Management

• Tune detection rules, policies, and analytics to reduce false positives and increase detection efficacy.

• Investigate and respond to incidents originating from email/M365 data channels; lead triage, root-cause analysis, remediation, and post-incident lessons learned.

• Integrate Defender for O365 and Purview telemetry with SIEM (e.g., Azure Sentinel) and SOC playbooks; create and maintain automation (PowerShell, Playbooks, Graph API).

• Create and maintain technical documentation, runbooks, and standard operating procedures for detection, response, and policy lifecycle.

• Perform ongoing policy risk assessments, control effectiveness reviews, and compliance support for audits and legal requests.

• Stay current with Microsoft feature releases and security trends; recommend platform improvements and roadmap items

Required Qualifications

• 3+ years of hands-on experience administering Microsoft 365 security/compliance tools with specific experience in Defender for Office 365 and Microsoft Purview/Information Protection.

• Demonstrable experience tuning and operating email threat detection and DLP/information protection policies. Strong scripting/automation skills (PowerShell required; experience with Graph API, REST, or other automation tools a plus).

• Experience integrating Microsoft security log sources into SIEM and building detection rules/queries (KQL preferred).

• Solid understanding of email protocols, mail flow, phishing techniques, malware delivery vectors, and common attacker techniques.

• Experience conducting incident investigations and forensic analysis in M365 environments.

• Excellent written and verbal communication: can translate technical risk into business impact and create effective playbooks.

Technical Skills & Tools

• Microsoft Defender for Office 365 (Safe Links, Safe Attachments, anti-phishing, mail trace, attack simulation)

• Microsoft Purview / Compliance Center (sensitivity labels, auto-labeling, DLP, eDiscovery, retention)

• Exchange Online, SharePoint Online, OneDrive, Teams administration concepts

• PowerShell scripting for Microsoft 365 / Exchange Online

• Microsoft Graph API (preferred)

• Kusto Query Language (KQL) for analytics/detections

• SIEM/Log ingestion (Azure Sentinel, Splunk, etc.)

• Threat intelligence and phishing simulation tools

• Common forensic and incident response methodologies

Certifications (nice-to-have)

• Microsoft 365 Security Administrator Associate (MS-500)

• Microsoft Security Operations Analyst (SC-200)

• Microsoft Information Protection Administrator (SC-400)

• Security+, CISSP, or equivalent industry certifications

Behavioral / Soft Skills

• Strong analytical and problem-solving ability with attention to detail

• Collaborative mindset; experience working cross-functionally (IT, Legal, HR, Privacy, Compliance)

• Able to prioritize under pressure and handle multiple investigations concurrently

• Capacity to translate technical findings into business-facing recommendations

 

 

Required Skills:

Email Security, Microsoft Defender

 

 

Preferred Skills:

Communication, Corrective and Preventive Action (CAPA), Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Network Optimization, Presentation Design, Process Optimization, Report Writing, Security Policies, Technical Credibility, Technologically Savvy, Training People, Vulnerability Assessments