Author, maintain, and optimize DLP rules and policies using techniques such as: Regular expressions, Keyword and dictionary‑based detection, Exact Data Match (EDM) / Indexed Data Match (IDM), Document fingerprinting, Machine‑learning classifiers, Classification labels and metadata
Translate business requirements, regulatory obligations, and risk scenarios into: Detection logic, Comprehensive test cases, Promotion criteria (monitor → prevent)
Conduct technical investigations of security events and incidents, including post‑incident analysis and digital forensics, to identify root causes and recommend long‑term mitigation strategies.
Continuously tune DLP policies to reduce false positives and negatives using telemetry, triage feedback, and controlled experimentation, measure and report precision, recall, and block efficacy.
Manage DLP policy‑as‑code artifacts using version control, peer review, and change‑management processes, maintaining traceability from requirement to implementation.
Develop and maintain: Operational runbooks, Exception and release‑code workflows, User‑facing guidance and FAQs, Release notes for policy updates and changes
Partner with DLP operations and Incident Response teams to: Triage alerts and events, Analyze trends and root causes, Drive corrective actions with data owners and application teams, Define, track, and report key performance and risk indicators (KPIs/KRIs), including alert volumes, false-positive rates, channel coverage, and policy maturity.
Support audits and regulatory exams by preparing evidence, maintaining documentation, and supporting quarterly and annual reviews.
Align DLP rules and enforcement with Wells Fargo’s information classification and labeling program, ensuring consistent use of tags and labels in policy conditions.
Serve as a subject matter expert for: SaaS and application security reviews, AppMail and data‑egress use cases, Secure data‑sharing controls
Collaborate cross‑functionally with Information Protection, Risk, Legal, Messaging & Collaboration, Endpoint, and Cloud teams to safely deploy and evolve controls.
Mentor peers and contribute to standards, reusable patterns, and best practices for DLP engineering and security content development.

Requirements

5+ years of Engineering experience, or equivalent demonstrated through work experience, training, military service, or education
5+ years of experience in information protection, DLP engineering, or security content development
Hands‑on experience authoring and managing policies on one or more enterprise DLP platforms, such as: Microsoft Purview, Broadcom (Symantec) DLP, Forcepoint, Proofpoint, Zscaler or equivalent technologies
Strong expertise in regex and pattern‑matching techniques, with working knowledge of: EDM/IDM, Sensitive data types (PII, PHI, PCI), Data classification and labeling
Familiarity with modern collaboration and productivity platforms, including: Microsoft 365 (Exchange, SharePoint, OneDrive, Teams) and/or Google Workspace
Scripting and query proficiency (PowerShell, SQL, and/or Python) and experience working in Git‑based version control and CI/CD workflows
Excellent written communication and documentation skills, with the ability to communicate effectively to both technical and non‑technical audiences.

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

DLP rulesRegular expressionsKeyword detectionExact Data Match (EDM)Indexed Data Match (IDM)Document fingerprintingMachine-learning classifiersData classificationScriptingQuery proficiency

Soft Skills

written communicationdocumentation skillsmentoringcollaborationanalytical skillsproblem-solvingcross-functional teamworktechnical investigationrisk analysiscommunication