DLP Security Engineer

Key Responsibilities

• Endpoint Detection and Response (EDR) software
• Host and Network based Data Loss Prevention (DLP) software
• Email encryption software
• Anti-malware/Anti-virus software
• Other security applications
• Conduct analysis, troubleshooting, and trending of incidents/events detected from Endpoint security solutions, DLP, and other security applications
• Manage various deployed DLP technologies and their integration points with Configuration Management Database (CMDB), Email infrastructure, LDAP (e.g. Active Directory), etc.
• Create custom rules and tune existing rules, policies, alerts, etc. within various security applications based on stakeholder needs or situational conditions
• Conduct ongoing Threat Hunting exercises using existing security applications
• Perform Level 2 & 3 triage and handling of security events (escalated from Level 1 Security Analysts or other); includes but is not limited to identification, containment, remediation, and reporting activities.
• Create new and enhance existing procedures to improve operational efficiencies and reporting accuracy
• Develop detailed technical recommendations to solve current and future security issues; identify protection gaps and propose effective mitigating solutions
• Maintain awareness of emerging threats to data protection, system integrity, and network availability
• Evaluate, design, architect, implement, and configure new security products and technologies
• Develop, review, and maintain documentation for security systems and procedures
• Expand Threat Intelligence program through integration, automation, and enhanced workflows
• Analyze, evaluate, and communicate Threat Intelligence notifications to reduce risk exposures and to defend against cyber attacks

Qualifications

Must Haves:

• A Bachelor's Degree in Computer Science or Engineering or equivalent experience
• Coding/Scripting experience (e.g. Python, Perl, PowerShell)
• Proven experience with creating Regular Expressions
• Experience with RESTful APIs and automation
• 1 Year of Symantec and/or McAfee DLP operational experience is required; must have implemented and managed DLP; must possess strong technical knowledge of DLP architecture, system policies, rules, etc.
• Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of management
• Work well in team environments with internal and external resources as well as work independently on tasks
• Strong organizational, multi-tasking, and time management skills

Additional Information

Preferred/ Nice-to-haves:

• CISSP, CISA, CEH, OSCP, or other industry recognized security certification(s)
• Cloud Access Security Broker (CASB) implementation and/or management experience
• Next Generation Anti Malware implementation and/or management experience
• 1 Year of Threat Intelligence administration experience; have used or implemented the above program in some capacity, understanding incident response, analysis, rules, etc.