Engineer, Data Loss Prevention

Position Summary:

The Data Loss Prevention (DLP) Engineer is a member of the Security Operations Center (SOC) team responsible for implementing and operating Inmar’s data loss prevention program. This role focuses on protecting sensitive data from unauthorized disclosure, exfiltration, or misuse through the deployment and tuning of DLP technologies across endpoints, networks, and cloud services.

The DLP Engineer designs and implements detection rules, analyzes DLP alerts and events, maintains complex detection patterns (primarily regex-based), and works closely with data owners and business stakeholders to balance data security with operational needs. The incumbent must possess strong technical skills in pattern matching, data classification, and security policy enforcement, combined with the ability to investigate and remediate potential data exposure incidents.

The candidate must have a service-oriented mentality with strong communication skills to work with business units on data handling practices, a keen eye for false positive reduction, and the ability to continuously refine detection logic to improve accuracy while minimizing disruption to legitimate business activities.

• Design, implement, and maintain DLP policies across endpoint, network, email, and cloud platforms to prevent unauthorized data disclosure.
• Develop and maintain complex detection patterns using regular expressions (regex), keyword matching, file fingerprinting, and metadata-based rules for identifying sensitive data (PII, PHI, PCI, intellectual property, etc.).
• Configure and tune DLP rules to detect sensitive data across structured and unstructured formats including documents, databases, emails, web traffic, and cloud storage.
• Continuously optimize detection accuracy by reducing false positives while maintaining effective coverage of true data exposure risks.
• Monitor, analyze, and investigate DLP alerts and events to determine if they represent genuine data exposure risks or false positives.
• Conduct detailed analysis of flagged events including reviewing content snippets, user behavior patterns, file metadata, and transmission channels.
• Correlate DLP events with other security data sources (SIEM, endpoint detection, user behavior analytics) to identify potential insider threats or data exfiltration attempts.
• Document investigation findings and provide clear recommendations on incident severity, required remediation actions, and policy adjustments.
• Escalate confirmed data exposure incidents to the incident response team and support forensic investigations as needed.
• Engage with engineering teams to maintain and optimize DLP infrastructure including agents, network sensors, cloud connectors, and management consoles.
• Develop and maintain automated workflows for alert triage, policy updates, and reporting.
• Create and maintain comprehensive documentation of DLP policies, detection patterns, investigation procedures, and operational runbooks.
• Test new DLP rules and policies in non-production environments before deployment to minimize business disruption.
• Integrate DLP systems with other security tools including SIEM, SOAR, ticketing systems, and data classification platforms.

• Research and evaluate new DLP technologies, detection techniques, and data classification methodologies to enhance program effectiveness.
• Identify gaps in data visibility and coverage, recommending expansion of DLP controls to new data repositories, communication channels, or cloud services.
• Develop metrics and KPIs to measure DLP program effectiveness including policy coverage, detection accuracy, incident response times, and false positive rates.
• Provide regular reporting on DLP trends, top data exposure risks, user behavior patterns, and policy effectiveness to SOC management and stakeholders.
• Collaborate with legal, compliance, privacy, HR, and business units to understand data handling requirements and ensure DLP policies support business operations.
• Provide guidance to business teams on secure data handling practices and acceptable use of sensitive information.
• Support privacy and compliance teams with DLP…