
Tech Risk - DLP Engineering - Dallas - Associate
at Goldman Sachs
Posted 18 hours ago
- Compensation
- Not specified USD
- City
- Dallas
- Country
- United States
Role Overview: As a Data Loss Prevention (DLP) Engineer, you will protect Goldman Sachs' most sensitive data by managing the end-to-end lifecycle of the DLP program, from designing detection rules to analyzing complex DLP events. The role emphasizes an automation mindset, leveraging SOAR capabilities and ServiceNow to automate workflows, case management, and review activities across tools like Microsoft Purview, Defender, Zscaler, and Proofpoint. You will design and tune DLP detections, develop integrations for internal systems, and collaborate with data owners, legal and compliance to translate requirements into enforcement rules. Experience in integrating DLP tooling with SOAR, software engineering/DevSecOps, and a builder mindset are valued.
Role Overview
As a Data Loss Prevention (DLP) Engineer, you will play a pivotal role in protecting the firm's most sensitive data. You will be responsible for the end-to-end lifecycle of our DLP program, from developing and tuning detection rules to analyzing complex DLP events. Beyond traditional DLP operations, this role requires a strong automation mindset. You will leverage SOAR capabilities and ServiceNow to automate workflows, streamline case management and automate review activities across a modern security stack (Microsoft Purview, Defender, Zscaler, Proofpoint) as well as internally developed systems.
Key Responsibilities
- Design, implement and continuously tune DLP detection capabilities and policies across Microsoft Purview, Zscaler and Proofpoint to maximize true positives and minimize operational friction
- Develop custom detection logic and integrations for internally developed systems
- Perform regular testing and validation of existing DLP controls to identify coverage gaps and bypass techniques
- Engineer automation workflows to assist DLP analysts, reducing manual review time and automating the triage of low-fidelity events
- Collaborate directly with data owners, legal and compliance teams to translate business and regulatory requirements into technical enforcement rules
- Evaluate and integrate additional DLP tools, and participate in proof-of-concept trials.
Required Technical Skills
- DLP & Security Operations: Proven experience handling data loss incidents, insider threat investigations, or general security incident response. You need to know what a good alert looks like to build one
- Core Stack Expertise: Deep, hands-on administrative experience with tools like Microsoft Purview, Zscaler, ServiceNow and Proofpoint
- Automation & Scripting: Strong proficiency in tools like Python or PowerShell. You must be able to interact with REST APIs to pull logs, enrich alerts, and trigger automated response actions
- Detection Engineering: Proficiency with regular expressions, exact data matching, indexed document matching and custom dictionary creation
- System Architecture: Solid understanding of enterprise network routing, proxies, cloud access, and mail transport rules
What Sets You Apart
- Experience integrating DLP tooling with SOAR platforms (e.g., Splunk SOAR, Cortex XSOAR, Tines) to build end-to-end automated review pipelines
- Background in software engineering or DevSecOps, with an understanding of CI/CD pipelines and version control for managing detection as code
- A “builder” mindset: you prefer to solve problems with code rather than relying solely on out-of-the-box vendor configurations
- Applied AI/ML in Detection Engineering: experience moving beyond static rules by training, tuning and deploying ML classifiers for context-aware data discovery. Familiarity with Microsoft Purview’s Trainable Classifiers or using custom Natural Language Processing models to identify sensitive data types that traditional regex approaches miss
- Agentic workflow automation: experience building next-generation, LLM-driven “agentic” workflows. You have moved beyond basic SOAR playbooks and built autonomous systems where AI agents gather contextual telemetry, interact directly with employees (e.g., via MS Teams bots, email, task management systems) to verify business intent, and pre-triage alerts before they are manually reviewed









