Review, test, and implement security solutions related to: Data Loss Prevention (DLP): Microsoft Purview Information Protection, Conditional Access, policy configuration, monitoring, and incident response. Data Classification & Labeling: Define, implement, and maintain enterprise-wide data classification and labeling standards; leverage AI/ML-driven solutions to automatically classify and tag sensitive information. CASB Solutions: Manage inline (proxy-based) and out-of-band (API-based) CASB models to control access to and usage of SaaS applications. ZTNA Solutions: Integration and operation of Zero Trust Network Access solutions (e.g., Zscaler, Prisma Access, Axis) with DLP enforcement. Email Security: Integrate DLP and data classification policies with enterprise email security platforms. Public Cloud Security: Apply DLP and CASB controls in AWS, Azure, and GCP environments. Develop, enforce, and continuously improve data protection policies and security baselines. Monitor DLP systems for policy violations, anomalous activity, and potential data exfiltration; investigate incidents and drive remediation. Recommend enhancements to improve visibility and effectiveness of data classification, labeling, and protection capabilities. Maintain documentation of configurations, security policies, and operational procedures. Automate manual security tasks and policy enforcement where possible (infrastructure as code, scripting, orchestration). Strong understanding of data security principles, data classification, and labeling frameworks. Hands-on experience with enterprise DLP platforms (Microsoft Purview strongly preferred). Experience with AI-driven data classification solutions and integration into security workflows. Familiarity with CASB deployment models (inline and out-of-band) and their application to SaaS platforms. Knowledge of Zero Trust frameworks and their application to DLP and access controls. Solid understanding of cloud security controls in AWS, Azure, and GCP. Familiarity with network and application protocols (TCP/IP, HTTP/S, DNS, etc.) and how they impact data protection. Experience with automation tools such as PowerShell, Terraform, Ansible, or equivalent is preferred. Excellent analytical, communication, and collaboration skills. Results-oriented, self-motivated, and capable of working in a fast-paced environment. Minimum 5 years of experience in a Security Engineering role, with at least 3+ years focused on DLP, data classification, and data security technologies. Direct experience with data labeling and classification projects, ideally with AI/ML-driven automation. Working knowledge of security frameworks (NIST, ISO 27001, CIS, OWASP). Bachelor's or Master's degree in Information Systems, Information Security, or related field (preferred but not required). Industry-recognized certifications (CISSP, CISA, CISM, CCSP, or Security+) are strongly preferred.
