About The Position

Kentro is hiring for Senior Data Security Engineer to support USSOCOM EDAT Zero Trust. Before data can be protected under a Zero Trust architecture, it must be understood and precisely controlled. You will be responsible for securing the Command's complex information environment, ranging from hyperscale cloud data lakes on NIPR to legacy file shares and isolated storage arrays on the SIPR and Top-Secret networks. As a Senior Data Security Engineer, you will architect, deploy, and manage advanced data rights management, DLP policies, and security monitoring solutions. You will serve as the premier subject matter expert for Microsoft Azure security, with a heavy focus on Microsoft Purview and Microsoft Defender XDR. Furthermore, you will lead the implementation of Trellix Full Data Loss Prevention (DLP) and the Microsoft Defender suite to enforce continuous compliance, prevent unauthorized data exfiltration, and establish secure access boundaries for USSOCOM's critical intelligence.

Requirements

  • Master's degree (MA/MS) in Computer Science, Cybersecurity, Information Technology, or a related technical discipline.
  • 10+ years of relevant experience in enterprise systems engineering, data security, or cybersecurity operations.
  • Expert-level proficiency in Microsoft Azure security architecture, with a dedicated focus on implementing and managing Microsoft Purview and Microsoft Defender XDR.
  • Deep, hands-on expertise in the broader Microsoft Defender suite, specifically: Microsoft Purview (Sensitivity Labeling, DLP, Information Barrier policies), Microsoft Defender for Cloud Apps (Cloud Access Security Broker - CASB policies), Microsoft Entra ID (Identity and Access Management), Microsoft Conditional Access (Context-aware, zero-trust security policies).
  • Proven experience designing, tuning, and enforcing Trellix Full Data Loss Prevention (DLP) policies at an enterprise scale. Must have specific expertise in the integration of Palantir catalog solutions with Data Loss Prevention tools.
  • Strong experience implementing and administering AD-RMS and Azure RMS in complex, multi-domain, or hybrid cloud environments.
  • Proven experience integrating and managing metadata across enterprise catalogs such as Palantir, Microsoft Unified Catalog, and utilizing Purview Audit and Activity Explorer.
  • Strong understanding of storage protocols (NFS, SMB/CIFS, S3) and database structures (SQL, NoSQL) to troubleshoot security scanning access.
  • Must possess one of the following DoD 8570/8140 IAT Level III certifications: CISSP, CASP+, CCSP, CISM.
  • TS/SCI Clearance
  • Must be a US Citizen

Nice To Haves

  • Advanced knowledge of Kusto Query Language (KQL) for writing sophisticated detection rules, hunting queries, and diagnostic analysis within Microsoft Sentinel/Defender XDR.
  • Strong proficiency in Splunk Processing Language (SPL) for building advanced dashboards, alerts, and performing forensic analysis.

Responsibilities

  • Azure Security & XDR: Architect and manage comprehensive Azure security solutions, serving as the primary lead for deploying and tuning Microsoft Purview and Microsoft Defender XDR across hybrid and classified environments.
  • Defender & Access Policy: Design and configure precise security policies within the Microsoft Defender suite, specifically leveraging Microsoft Purview, Microsoft Defender for Cloud Apps (MCAS), Entra ID, and Microsoft Conditional Access to control resource access based on identity, device compliance, and risk.
  • Trellix DLP Enforcement: Design, deploy, and enforce Trellix Full Data Loss Prevention (DLP) policies across endpoints and networks to stop unauthorized exfiltration of CUI and classified data without impacting mission performance.
  • Data Rights Management: Manage Active Directory Rights Management (AD-RMS) and Azure RMS as the primary DRM engines to enforce persistent, encryption-based protection of files and emails across USSOCOM networks.
  • Catalog & DLP Integration: Drive data catalog integration and metadata synchronization with enterprise platforms including Palantir, Microsoft Unified Catalog, Purview Audit, and Activity Explorer. Specifically, lead the integration of Palantir catalog solutions with Data Loss Prevention (DLP) tools to ensure seamless, end-to-end data security and monitoring.
  • Classification Tuning: Collaborate with mission owners to train classifiers and DLP rules to recognize unique USSOCOM data types (e.g., mission names, operational codes) and drastically reduce false positive rates in security alerts.

Benefits

  • paid time off
  • healthcare benefits
  • supplemental benefits
  • 401k including an employer match
  • discount perks
  • rewards
  • education reimbursement for certifications, degrees, or professional development
  • flexibility for you to take a course, complete a certification, or other professional growth and networking
  • funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
  • host and attend charity galas/events
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service