Engineer, Data Loss Prevention

Inmar Intelligence, Winston-Salem, NC

About The Position

Position Summary: The Data Loss Prevention (DLP) Engineer is a member of the Security Operations Center (SOC) team responsible for implementing and operating Inmar’s data loss prevention program. This role focuses on protecting sensitive data from unauthorized disclosure, exfiltration, or misuse through the deployment and tuning of DLP technologies across endpoints, networks, and cloud services. The DLP Engineer designs and implements detection rules, analyzes DLP alerts and events, maintains complex detection patterns (primarily regex-based), and works closely with data owners and business stakeholders to balance data security with operational needs. The incumbent must possess strong technical skills in pattern matching, data classification, and security policy enforcement, combined with the ability to investigate and remediate potential data exposure incidents. The candidate must have a service-oriented mentality with strong communication skills to work with business units on data handling practices, a keen eye for false positive reduction, and the ability to continuously refine detection logic to improve accuracy while minimizing disruption to legitimate business activities.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Information Technology, or related field.
  • 3-5 years of experience in cybersecurity with at least 2 years focused on data loss prevention, data security, or security operations.
  • Strong proficiency in regular expressions (regex) for pattern matching and data identification.
  • Experience with enterprise DLP solutions.
  • Understanding of data classification frameworks and sensitive data types (PII, PHI, PCI, trade secrets, intellectual property).
  • Knowledge of data transmission protocols and common data exfiltration channels (email, web uploads, removable media, cloud storage, messaging platforms).
  • Strong analytical skills with ability to investigate security events and distinguish true positives from false positives.
  • Experience with SIEM platforms and security event correlation.
  • Basic proficiency with scripting or automation (Python, PowerShell, or similar) for data analysis and workflow automation.
  • Excellent written and verbal communication skills with ability to explain technical findings to non-technical stakeholders.
  • Understanding of data privacy regulations such as GDPR, CCPA, HIPAA, and PCI-DSS.

Nice To Haves

  • Certifications such as CISSP, Security+, CEH, GCFA, or vendor-specific DLP certifications.
  • Experience with cloud DLP solutions for Microsoft 365, Google Workspace, AWS, or Azure environments.
  • Knowledge of insider threat detection methodologies and user behavior analytics (UBA/UEBA).
  • Experience with data classification tools and automated content inspection technologies.
  • Understanding of endpoint security controls and endpoint DLP deployment models.
  • Familiarity with SOAR platforms and automated response workflows.
  • Experience with forensic analysis of data exposure incidents.
  • Knowledge of cryptography and encryption technologies for data protection.

Responsibilities

  • Design, implement, and maintain DLP policies across endpoint, network, email, and cloud platforms to prevent unauthorized data disclosure.
  • Develop and maintain complex detection patterns using regular expressions (regex), keyword matching, file fingerprinting, and metadata-based rules for identifying sensitive data (PII, PHI, PCI, intellectual property, etc.).
  • Configure and tune DLP rules to detect sensitive data across structured and unstructured formats including documents, databases, emails, web traffic, and cloud storage.
  • Continuously optimize detection accuracy by reducing false positives while maintaining effective coverage of true data exposure risks.
  • Monitor, analyze, and investigate DLP alerts and events to determine if they represent genuine data exposure risks or false positives.
  • Conduct detailed analysis of flagged events including reviewing content snippets, user behavior patterns, file metadata, and transmission channels.
  • Correlate DLP events with other security data sources (SIEM, endpoint detection, user behavior analytics) to identify potential insider threats or data exfiltration attempts.
  • Document investigation findings and provide clear recommendations on incident severity, required remediation actions, and policy adjustments.
  • Escalate confirmed data exposure incidents to the incident response team and support forensic investigations as needed.
  • Engage with engineering teams to maintain and optimize DLP infrastructure including agents, network sensors, cloud connectors, and management consoles.
  • Develop and maintain automated workflows for alert triage, policy updates, and reporting.
  • Create and maintain comprehensive documentation of DLP policies, detection patterns, investigation procedures, and operational runbooks.
  • Test new DLP rules and policies in non-production environments before deployment to minimize business disruption.
  • Integrate DLP systems with other security tools including SIEM, SOAR, ticketing systems, and data classification platforms.
  • Contribute to the strategic development and maturation of the organization's DLP program aligned with data protection objectives and regulatory requirements.
  • Research and evaluate new DLP technologies, detection techniques, and data classification methodologies to enhance program effectiveness.
  • Identify gaps in data visibility and coverage, recommending expansion of DLP controls to new data repositories, communication channels, or cloud services.
  • Develop metrics and KPIs to measure DLP program effectiveness including policy coverage, detection accuracy, incident response times, and false positive rates.
  • Provide regular reporting on DLP trends, top data exposure risks, user behavior patterns, and policy effectiveness to SOC management and stakeholders.
  • Collaborate with legal, compliance, privacy, HR, and business units to understand data handling requirements and ensure DLP policies support business operations.
  • Provide guidance to business teams on secure data handling practices and acceptable use of sensitive information.
  • Support privacy and compliance teams with DLP controls for regulatory requirements (GDPR, CCPA, HIPAA, PCI-DSS, etc.).
  • Participate in data classification initiatives to ensure consistent labeling and handling of sensitive information.
  • Support incident response activities related to data exposure or insider threat investigations.
  • Participate in security awareness initiatives by providing real-world examples of data exposure risks and best practices.
  • Maintain knowledge of data protection regulations, industry best practices, and emerging data exfiltration techniques.
  • Support audit and compliance activities by providing DLP policy documentation, configuration details, and evidence of monitoring.
  • Contribute to change management processes for DLP policy updates and system modifications.
  • Operate within SOC workflows, SLAs, and escalation paths for data exposure incidents.

Benefits

  • Medical, Dental, and Vision insurance
  • Basic and Supplemental Life Insurance options
  • 401(k) retirement plans with company match
  • Health Spending Accounts (HSA/FSA)
  • Flexible time off and 11 paid holidays
  • Family-building benefits, including Maternity, Adoption, and Parental Leave
  • Tuition Reimbursement and certification support, reflecting our commitment to lifelong learning
  • Wellness and Mental Health counseling services
  • Concierge and work/life support resources
  • Adoption Assistance Reimbursement
  • Perks and discount programs