Responsibilities
- Administer, configure, and tune enterprise DLP solutions (e.g., CrowdStrike, Zscaler, Microsoft Purview, or equivalent) across network, endpoint, and cloud vectors to detect and prevent unauthorized transmission of sensitive data.
- Develop, implement, and maintain DLP policies governing CUI, classified information, PII, proprietary data, and export-controlled technical data (ITAR/EAR) in accordance with program security requirements and government regulations.
- Monitor DLP alerts and dashboards on a continuous basis; triage, investigate, and escalate incidents per established procedures; document findings and remediation actions to closure.
- Collaborate with ISSMs, ISSOs, and network security engineers to ensure DLP policies align with system authorization boundaries, classification requirements, and data handling SOPs.
- Conduct regular DLP policy reviews and effectiveness assessments; analyze false positive/negative rates and recommend tuning actions to maintain operational accuracy without degrading mission capability.
- Support incident response activities involving suspected data exfiltration or policy violations; preserve evidence, prepare incident reports, and coordinate with program security and legal teams as required.
- Maintain DLP system health including software updates, licensing, log integration with SIEM, and coordination with IT infrastructure teams for network-layer inspection (proxy, SSL inspection, mail gateway).
- Develop and deliver user awareness content and security reminders related to data handling policies; support periodic training on CUI, PII, and proprietary data protection requirements.
- Produce recurring metrics, trend reports, and executive-level summaries of DLP program performance; support annual self-inspections and government audit activities.
- Travel up to 10% CONUS to support program site DLP implementations, security reviews, and government customer engagements.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent combination of education and experience considered.
- 5–8 years of experience in cybersecurity, network security, or information assurance, with a minimum of 2–3 years of hands-on DLP administration or data protection engineering experience.
- Demonstrated experience configuring, tuning, and managing an enterprise DLP platform (Forcepoint, Symantec DLP, Microsoft Purview, Trellix, or equivalent) in a production environment.
- Working knowledge of data classification frameworks, CUI categories, PII handling requirements, and ITAR/EAR export control regulations as they apply to network data flows.
- Familiarity with network security architecture including proxies, mail gateways, SSL/TLS inspection, and network packet capture/analysis tools (Wireshark, tcpdump, or equivalent).
- Experience with SIEM platforms (Splunk, ArcSight, or equivalent) for DLP log integration, correlation rule development, and alert triage.
- Active Secret clearance required at time of hire.
Nice to Have
- TS/SCI eligibility preferred.
- Active TS.
- Experience administering DLP in a DoD, IC, or classified environment with multi-domain/cross-domain network architectures.
- Knowledge of CMMC, NIST SP 800-171/172, and NIST SP 800-53 data protection controls (AC, AU, SI control families) and their application to DLP policy development.
- Familiarity with Microsoft Purview compliance center, insider threat detection capabilities, and cloud-based DLP for M365 GCC High environments.
- Experience with User and Entity Behavior Analytics (UEBA) platforms or insider threat tooling (Veriato, ObserveIT, or similar) in support of DLP investigations.
- Relevant certifications: Security+, CISSP, CISM, Certified Data Privacy Solutions Engineer (CDPSE), or vendor DLP certification.
Work Arrangement
Hybrid — Los Angeles, Washington, D.C., San Francisco, San Diego, Seattle, London
Additional Information
- Active Secret clearance required at time of hire.
- TS/SCI eligibility preferred.
- Travel up to 10% CONUS.
- Relocation assistance is offered.