
Senior Security Operations Engineer
Included Health
full-time
Location Type: Remote
Location: United States
Salary
💰 $138,380 - $254,111 per year
About the role
- Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling.
- Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data.
- Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements.
- Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond.
- Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals.
- Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data-handling patterns and exception processes.
- Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication.
- Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross-functional partners.
Requirements
- At least 5 years of hands-on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP.
- Direct, hands-on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment.
- Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls.
- Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel).
- Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale.
- Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data-focused incidents.
- Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling.
- Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types.
Benefits
- Remote-first culture
- 401(k) savings plan through Fidelity
- Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
- Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
- Generous Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
- 12 weeks of 100% Paid Parental leave
- Up to $25,000 Fertility and Family Building Benefit
- Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
- 11 Holidays Paid with one Floating Paid Holiday
- Work-From-Home reimbursement to support team collaboration and effective home office work
- 24 hours of Paid Volunteer Time Off ("VTO") Per Year to Volunteer with Charitable Organizations
Applicant Tracking System Keywords
Hard Skills & Tools
data loss prevention (DLP), incident response, data protection, scripting, automation, endpoint detection and response (EDR), cloud data protection, data classification, policy frameworks, root cause analysis
Soft Skills
communication, collaboration, problem-solving, analytical thinking, leadership