Senior Engineer (Sr. Data Security Analyst)

College Board

1d•Remote

About The Position

College Board’s Enterprise Security Engineering (ESE) team currently consists of 6 full-time staff and additional contractors. ESE is responsible for implementing and managing cutting-edge security solutions and tools. We protect the confidentiality, integrity and availability of data and endpoints across physical and cloud environments. We protect workloads and data in AWS and Azure, corporate networks, user endpoints around the country and data in SaaS and PaaS environments. We enable our developers and colleagues to deliver new, secure digital offerings that include the Digital SAT and AP exams. The work we perform supports the College Board’s mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success. You are passionate about protecting sensitive information and ensuring data is used responsibly and securely. As a Senior Engineer (Sr. Data Security Analyst), you’ll play a critical role in identifying, assessing, and mitigating data-related risks across the organization. This role exists to safeguard information assets, support privacy and compliance goals, and strengthen resilience against internal and external threats. You’ll collaborate closely with cybersecurity, data governance, privacy, engineering, and operations teams to build and enforce security controls that align with regulatory frameworks and business and security priorities. With a strong background in data science, you bring a unique ability to analyze complex datasets, develop predictive models for risk detection, and uncover insights that enhance our security posture. You’ll apply advanced analytical techniques and automation to monitor data flows, identify anomalous behavior, and support data classification and policy enforcement efforts at scale. Your expertise will help drive data-informed security decisions, improve threat detection, and ensure data protection strategies are proactive, efficient, and evidence-based.

Requirements

5+ years of experience in data security, cybersecurity, or information protection roles, ideally in mid- to large-scale environments, with a strong understanding of how data is collected, used, and protected across complex ecosystems
Proven ability to leverage AI/ML or advanced analytics to uncover hidden risks, reduce false positives, and guide security decision-making.
Experience building AI-driven agents or automation scripts to accelerate DLP scans and/or investigations, prioritize alerts, or enrich incident data with contextual insights (Python experience is preferred)
Hands-on expertise with data protection and governance tools and familiarity with leveraging these tools for data discovery, classification, and analytics
Strong working knowledge of security principles including data classification, access control, encryption, tokenization, and privacy-by-design, with the ability to apply these concepts through a data-driven lens
Experience working with AWS and Azure data sources, including the ability to analyze data flows and monitor risks to the data in cloud-native environments
Experience conducting investigations into data loss, insider threats, or anomalous access behaviors using SIEM or endpoint security tools, and enhancing detection through behavioral analysis or anomaly detection models
Excellent communication and collaboration skills, including the ability to translate technical findings for non-technical stakeholders and work cross-functionally across security, legal, IT, and data teams
Strong organizational and analytical skills, with the ability to derive insights from large or complex datasets to inform security decision-making.
A passion for expanding educational and career opportunities and mission-driven work
Authorization to work in the United States for any employer
Proficiency in Microsoft Suite Tools (or a willingness to learn)
Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and a comfort learning and applying new digital tools independently and proactively.
Clear and concise communication skills, written and verbal
Evidence of skills and mindsets required to live out College Board’s Operating Principles, notably: A commitment to candid, timely, respectful feedback A learner orientation and an openness to ideas and diverse perspectives The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user-inputs Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success

Nice To Haves

Python experience is preferred

Responsibilities

Define, implement, and maintain data classification, handling, and access control policies and standards across cloud and on-prem environments, leveraging data analytics to ensure policies address current threats.
Configure and tune DLP tools, DSPM, CASB, and cloud-native security controls to detect and prevent exfiltration of sensitive data or models, using statistical and machine learning techniques to optimize detection thresholds and reduce false positives.
Map and inventory sensitive data using security tools and support automated tagging to better inform security controls and data lifecycle management.
Provide subject matter expertise on encryption, tokenization, and access management for structured, semi-structured, and unstructured data.
Participate in risk assessments, control testing, and audits as needed with data owners across the organization, applying data-driven analysis to quantify risks and support evidence-based remediation plans.
Recommend enhancements to data protection tooling and processes based on emerging threats and lessons learned, incorporating trends from security analytics and predictive risk modeling.
Monitor data security alerts and anomalies supported by College Board’s security tools.
Triage data-related security events, interfacing with data custodians and escalating to the Cyber Defense Team as needed, leveraging behavioral analytics to improve prioritization.
Assist Cyber Defense in DLP investigations, utilizing forensic and data mining techniques to support root cause analysis.
Maintain awareness of threats and behavioral risks tied to data access, incorporating insights from user and entity behavior analytics (UEBA).
Utilize internal AI agents to enable more accurate reviews, helping to automate the identification of high-risk data interactions and enhance the speed of investigation.
Work with Legal, Privacy, and Data Governance teams to align data protection practices with policies and laws
Support regulatory and internal compliance needs related to data handling and privacy laws by providing evidence or information to Privacy or GRC as requested
Deliver regular data security related reporting and metrics, incorporating trends, KPIs, and predictive indicators that highlight risks and drive continuous improvement.