DLP Security Analyst

Fidelity National Financial

16h•$75,000 - $100,000•Remote

About The Position

Fidelity National Financial (FNF) is seeking a DLP Security Analyst to join our Information Security Office’s Defend Team. The DLP Security Analyst safeguards the organization’s sensitive data across endpoints, email, cloud services, and on-prem systems. This role operates DLP technologies, analyzes incidents, partners with the Engineering Team, Privacy/Legal Team, and helps continually improve controls to reduce data exfiltration risk while enabling business productivity. You’ll be the front line for protecting confidential data (PII, PHI, PCI, IP) through event triage, forensic analysis, and response.

Requirements

Bachelor’s degree or the equivalent combination of education, training, and work experience.
Requires 1 – 3+ years in security operations, IR/SOC, or DLP-focused roles.
Hands-on experience with one or more DLP platforms (e.g., Microsoft Purview DLP/Endpoint DLP, Symantec/Broadcom, Zscaler, Proofpoint).
Some Working knowledge of data classification, encryption, endpoint controls, email security, CASB, and cloud security concepts.
Understanding of regulatory requirements (e.g., PCI, HIPAA, SOX, GLBA) and privacy principles.
Excellent analytical, documentation, communication, and complex thinking skills

Nice To Haves

Experience partnering with Legal, Privacy, Compliance, and HR teams on data protection initiatives and investigations.
Scripting or automation experience (PowerShell, Python, or similar) to support DLP reporting, alerting, or operational efficiencies.
Relevant security certifications preferred (such as CISSP, CISM, GIAC, or Microsoft Security certifications).

Responsibilities

Monitor DLP alerts across channels (endpoint, network/email, cloud/SaaS) and prioritize, triage, and investigate events.
Perform evidence collection, and root cause analysis; escalate true positives to IR/SOC as needed.
Document incident timelines and outcomes; maintain high-quality case notes and playbooks.
Reduce false positives by accurately marking events during triage for reporting to the Engineering Team.
Operate in DLP platforms (e.g., Proofpoint, Zscaler)
Track and report KPIs (e.g., alert volumes, false-positive rate, mean time to triage/contain, coverage, repeat offenders).
Identify emerging patterns (exfil paths, channels, departments) and propose control or process improvements.
Review the DLP queue, triage top-priority alerts, and conduct investigations.
Meet with Legal/Privacy to align on policy thresholds; brief IR/SOC on new exfil patterns.
Generate weekly metrics; propose an improvement plan (e.g., labeling adoption or coaching campaigns).
Participate in post-incident reviews and update playbooks.