Senior Data Loss Prevention (DLP) - Hybrid, San Jose, CA

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related fields.
• 3+ years of experience in cybersecurity, with a focus on data loss prevention, insider threat, or data protection.
• Deep technical expertise in DLP solutions (e.g., Microsoft Purview, Cyberhaven, Digital Guardian, Netskope).
• Experience with data discovery, classification, and protection technologies.
• Strong analytical, investigative, and incident response skills.
• Familiarity with SIEM tools and user behavior analytics (UBA).
• Excellent written and verbal communication skills; ability to convey technical concepts to non-technical stakeholders.
• Ability to work collaboratively in cross-functional teams and manage multiple priorities.

Nice To Haves

• Industry certifications (e.g., CISSP, CISM, CEH, Security+, Insider Threat Program Manager).
• Experience with cloud security, endpoint protection, or CASB solutions.
• Knowledge of regulatory and compliance frameworks relevant to data protection (e.g., GDPR, PCI, NIST 800-53, PCI, FedRAMP).

Responsibilities

• Design, implement, and maintain enterprise DLP technology solutions across endpoints, servers, cloud, and network environments.
• Act as a subject matter expert for DLP tools (Cyberhaven, Digital Guardian, Case Management).
• Develop and refine DLP policies and technical architecture diagrams to support data protection objectives.
• Oversee DLP endpoint agent deployment, configuration, and maintenance.
• Lead data discovery and classification efforts using DLP and information protection tools (Microsoft Information Protection, Azure Information Protection, WIZ, Tenex).
• Collaborate with privacy, engineering, and cybersecurity teams to ensure data is classified and protected in line with regulatory and business requirements.
• Monitor and analyze DLP alerts to detect and respond to potential data loss or exfiltration incidents.
• Investigate and resolve incidents involving the theft or loss of sensitive, consumer, employee, or intellectual property data.
• Manage insider risk using dedicated tools (e.g., Microsoft Insider Risk Management).
• Tune DLP policies and rules to reduce false positives and enhance detection accuracy.
• Identify opportunities to automate enforcement and response actions.
• Stay current with industry trends, emerging threats, and best practices in DLP and insider risk management.
• Interface with stakeholders across cyber, privacy, engineering, and data protection functions to align DLP with organizational goals.
• Communicate risks, incidents, and recommendations to management and executive stakeholders.
• Create and maintain technical documentation, incident reports, and dashboards for management review.
• Ensure the DLP program aligns with regulatory requirements (GDPR, PCI, NIST CSF) and contractual obligations.
• Support audits and assessments related to data protection and DLP controls.