Data Security Analyst, Team Lead

Southern Company, Atlanta, GA
Hybrid

About The Position

Southern Company is seeking a highly capable and operationally focused Lead Data Security Analyst (Team Lead) to support and help scale the enterprise Data Security Program. This role serves as both a hands-on senior analyst and frontline team lead, responsible for executing advanced data security operations while providing day-to-day guidance and oversight for a small team of analysts. This individual will perform all core Data Security Analyst responsibilities, including DLP/DSPM policy deployment, alert triage, tuning, and encryption validation, while also driving operational consistency, prioritization, quality control, and continuous improvement across the team. The Lead Data Security Analyst will coordinate closely with Cybersecurity leadership, Incident Response, Legal, Privacy, Compliance, and business stakeholders to ensure effective risk reduction outcomes. Success in this role requires strong technical depth, operational discipline, and the ability to lead through influence, driving high-quality execution while balancing security risk with business productivity.

Requirements

  • Minimum of 3+ years of experience in cybersecurity operations, data security, security tooling administration, SOC operations, or a related security analyst role.
  • Hands-on experience with DLP and/or data protection tools, including policy deployment, alert triage, tuning, and response workflows.
  • Strong understanding of data protection concepts across on‑prem, cloud, SaaS, and endpoint environments.
  • Demonstrated ability to lead day-to-day operations, prioritize work, and ensure consistent outcomes.
  • Experience reviewing or mentoring analysts and improving team performance.
  • Strong communication skills with the ability to coordinate escalations and partner with technical and non‑technical stakeholders.
  • Ability to balance risk reduction with business impact and customer experience.
  • Must pass NERC CIP & Insider Threat Protection background checks.

Nice To Haves

  • Experience with Data Security Posture Management (DSPM) tools and workflows (discovery, exposure identification, remediation tracking).
  • Experience with data classification/labeling programs and improving classifier quality/coverage.
  • Familiarity with alert triage and escalation processes in partnership with SOC/Incident Response functions.
  • Experience integrating signals into SIEM/SOAR or working with ticketing/workflow systems for operational tracking.
  • Familiarity with data handling controls such as encryption, access control, and secure collaboration/sharing restrictions.
  • Understanding of encryption technologies and enterprise data protection standards.
  • Certifications (nice to have): Security+, GSEC, SSCP, MSFT SC‑200/SC‑401, or other security operations / data protection credentials.
  • Experience supporting or securing critical infrastructure environments.

Responsibilities

  • Deploy, configure, and maintain DLP and DSPM policies across in‑scope channels (e.g., email, endpoints, SaaS/cloud repositories) in alignment with program standards and priorities.
  • Provide day-to-day guidance and task prioritization for a team of analysts to ensure consistent operational coverage.
  • Review analyst work (alert handling, investigations, tuning changes, documentation) to ensure quality and adherence to standards.
  • Act as the primary escalation point for analysts and remove blockers to maintain workflow efficiency.
  • Drive consistent use of runbooks, playbooks, and standard operating procedures.
  • Coach and mentor other analysts to build technical capability and investigative maturity.
  • Monitor, review, and triage data security alerts; determine severity and next steps, perform initial investigation, and document findings and actions.
  • Execute defined response actions (e.g., alert, notify, quarantine, block, restrict sharing, require encryption) and follow established workflows for incident handling and escalation.
  • Tune and improve DLP rules, detection logic, and policies to reduce false positives, improve signal quality, and minimize business disruption.
  • Support deployment and ongoing execution of data encryption controls for sensitive data at rest and in transit, in alignment with enterprise encryption standards and data handling requirements.
  • Coordinate encryption enablement activities with platform teams, data owners, and application teams, including validation, testing, and documentation of implemented controls.
  • Support data classification and labeling efforts by validating detections, refining patterns/classifiers, and assisting with coverage expansion and quality improvements.
  • Conduct basic investigations by correlating alert details with relevant logs/telemetry and partnering with the SOC/IR teams when additional investigative depth is needed.
  • Identify when to engage key stakeholders (e.g., Legal, Privacy, Compliance, HR, business owners) and coordinate escalation pathways based on defined criteria.
  • Create and maintain operational documentation, including runbooks, response playbooks, encryption validation steps, and standard operating procedures.
  • Track and report operational metrics such as alert volumes, false positives, time‑to‑resolution, and recurring themes requiring control or policy changes.
  • Participate in continuous improvement activities, including encryption coverage expansion, policy reviews, rule enhancements, and operational process improvements.
  • Work effectively within an analyst team by sharing workload, coordinating priorities, maintaining coverage, and supporting a customer‑focused service mindset.
  • Promote a culture of accountability, collaboration, and operational excellence while supporting the broader Data Security Program’s goals.

Benefits

  • 4 days onsite, 1 day remote