Senior Data Security Engineer

About The Position

Requirements

• Active Top-Secret/SCI Clearance
• Master of Science (MS) degree in Cybersecurity, Computer Science, Mathematics (Cryptography focus), or a related technical field.
• 10+ years of technical related experience.
• CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
• Extensive hands-on experience (5+ years) designing and administering Enterprise Digital Rights Management (EDRM) or Information Rights Management (IRM) systems, specifically Kiteworks, Microsoft Azure Information Protection (AIP/RMS), or Virtru.
• Deep understanding of cryptographic protocols (AES-256, RSA), Public Key Infrastructure (PKI), and Key Management Service (KMS) operations.
• Proven ability to design complex Attribute-Based Access Control (ABAC) logic and Conditional Access policies.
• Understanding of how encryption travels across Cross-Domain Solutions (CDS) and the challenges of key management in air-gapped networks.

Responsibilities

• Architect and configure the Kiteworks Private Content Network (SIPR/Top Secret) and Microsoft Purview (NIPR) to serve as the central Policy Decision Points (PDP) for file access.
• Translate NIST 8112 metadata attributes into concrete DRM policies (e.g., "Allow View ONLY if User.Clearance >= TopSecret AND Device.State = Compliant").
• Manage the lifecycle of encryption keys (Bring Your Own Key - BYOK, Customer Managed Keys) ensuring FIPS 140-2/3 compliance and availability across hybrid and air-gapped environments.
• Configure advanced DRM features such as SafeVIEW and SafeEDIT in Kiteworks to allow users to view and edit sensitive documents in a secure, containerized stream without the data ever leaving the controlled repository.
• Define and enforce "Rights Management" controls, specifically preventing actions like Copy/Paste, Screen Capture, and Printing for documents tagged with specific sensitivity labels (e.g., CUI, Secret/NoForn).