Staff Data Security Engineer

About The Position

Requirements

• 6+ years of experience in information security, with at least 4 years focused on data security, DLP or DSPM.
• Hands-on expertise with Microsoft Purview DLP, including policy creation, scoped deployments, adaptive protection, and incident management - Required
• Strong proficiency with Microsoft Defender XDR suite: Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and Defender for Office 365 - Required
• Demonstrated experience with Microsoft Sentinel, including custom analytic rules, KQL query development, workbooks, and SOAR playbooks - Required
• Experience with Varonis Data Security Platform for data access governance, risk prioritization, and threat detection - Required
• Familiarity with DSPM concepts and tooling, including sensitive data discovery and cloud data risk management - Required
• Solid understanding of data classification frameworks and Microsoft Purview Information Protection (sensitivity labels, auto-labeling, trainable classifiers) - Required
• Experience implementing DLP across multiple vectors: email, endpoint, cloud applications, and network - Required
• Demonstrated capability to analyze, operationalize, and continuously improve security controls and business processes - Required
• Knowledge of relevant compliance frameworks and regulations: ISO 27001/27701, SOC 2 and NIST‑aligned compliance and security frameworks, particularly as they relate to data protection and DLP - Required
• Proven experience with email authentication standards (DMARC, SPF, DKIM) and their implementation in Microsoft 365.
• Excellent analytical and problem-solving skills with a security-first mindset - Required

Nice To Haves

• Master’s degree in Arts/Sciences (MA/MS) or professional industry certification - Preferred
• Microsoft certifications: SC-400 (Information Protection Administrator), SC-200 (Security Operations Analyst), SC-100 (Cybersecurity Architect), or AZ-500 - Preferred
• Experience with additional DLP or CASB platforms (e.g., Symantec DLP, Forcepoint, Zscaler) - Preferred
• Familiarity with cloud security posture management (CSPM) in Azure, AWS, or GCP environments - Preferred

Responsibilities

• Design, deploy, and tune DLP policies across Microsoft Purview DLP, covering Exchange Online, SharePoint, Teams, OneDrive, and endpoint devices
• Configure and manage labeling policies, trainable classifiers, and exact data match (EDM) for sensitive data types
• Integrate DLP capabilities with the Defender suite.
• Configure and manage Microsoft Defender for Endpoint and its Endpoint DLP component to monitor and control data on client devices.
• Leverage Microsoft Defender for Cloud Apps (MDCAS) for cloud-based DLP and real-time monitoring of SaaS applications.
• Configure data connectors and analytic rules in Sentinel for DLP alerts and email security events.
• Monitor DLP incidents, conduct root-cause analysis, and drive policy refinement to reduce false positives while maintaining coverage
• Extend DLP coverage beyond Microsoft 365 to third-party SaaS platforms, on-premises systems, and network egress points to reduce unauthorized data access and exfiltration
• Collaborate with stakeholders to develop data handling standards and acceptable use policies and establish consistent policy frameworks, enforcement models, and automation for data protection
• Create and maintain technical documentation, runbooks, and Standard Operating Procedures (SOPs) for the Data Security program.
• Build automation and scalable processes to reduce manual effort
• Deploy and manage DSPM tooling to provide continuous visibility into sensitive data discovery, risk exposure, and access patterns
• Leverage Varonis for data access governance, entitlement reviews, and detection of abnormal data access behaviors across file shares, SharePoint, and cloud storage
• Conduct regular data risk assessments, identify overexposed sensitive data, and drive remediation with data owners
• Integrate DSPM findings into broader risk reporting and security metrics dashboards
• Produce regular reporting on policy effectiveness, data risk posture, and key security metrics for leadership
• Partner with data owners across business units to ensure proper classification of structured and unstructured data assets

Benefits

• annual bonus plan
• long-term equity incentive plan
• full range of health, retirement, and other employee benefits