DLP Platform Engineer (Irving)

Key Responsibilities DLP Platform Engineering & Administration • Own the end-to-end engineering, configuration, and operational health of Microsoft Purview DLP and other DLP platforms across endpoint, network, and cloud channels. • Design, deploy, and maintain DLP policies that protect sensitive data including payment card information, employee PII, financial records, and proprietary business data. • Continuously monitor, tune, and optimize DLP policies to maximize detection accuracy while aggressively reducing false positives. • Manage platform upgrades, feature rollouts, and capacity planning to ensure the DLP infrastructure scales with business growth. • Develop and maintain platform documentation, runbooks, and standard operating procedures. Data Classification & Sensitive Data Discovery • Lead sensitive data discovery initiatives using Microsoft Purview’s classification and content inspection capabilities to identify where sensitive data resides across the enterprise. • Design and refine sensitive information types (SITs), trainable classifiers, and labeling policies tailored to the organization’s data landscape. • Partner with data governance, privacy, and compliance teams to ensure classification taxonomies align with regulatory requirements and business needs. • Conduct ongoing data discovery assessments to identify emerging data risk and ensure newly created repositories and workflows are covered by DLP controls. Integration & Collaboration • Integrate Microsoft Purview DLP with Microsoft Defender for Endpoint to extend data protection controls to managed devices across the enterprise. • Ensure DLP alerts and events flow into the organization’s SIEM platform for centralized visibility, correlation, and incident investigation. • Leverage ServiceNow for incident tracking, workflow automation, and integration with the broader security operations and IT service management ecosystem. • Collaborate with Security Operations, Incident Response, and Insider Threat teams to investigate and respond to DLP-triggered events. • Partner with cloud engineering, endpoint management, and application teams to ensure DLP coverage extends to new technologies and business initiatives.

Required Qualifications • Bachelor's degree in Computer Science, Cybersecurity, or a related discipline is required; alternatively, four years of cybersecurity experience along with an active CISSP or CISM certification will also be considered. • 5+ years of progressive experience in data loss prevention, data protection, or a closely related security engineering discipline. • Hands-on experience engineering and administering Microsoft Purview DLP (or legacy Microsoft 365 DLP / Microsoft Information Protection). • Strong expertise in DLP policy design, tuning, and false positive reduction across endpoint, network, and cloud DLP channels. • Practical experience with data classification frameworks, sensitive information types, and automated labeling in a Microsoft 365 environment. • Experience integrating DLP platforms with SIEM solutions and ITSM tools such as ServiceNow. • Excellent analytical and troubleshooting skills with the ability to diagnose complex policy behavior and platform issues. • Strong communication skills with the ability to translate data protection concepts for technical and non-technical stakeholders. Preferred Qualifications • CDPSE (Certified Data Privacy Solutions Engineer), Microsoft SC-400 (Information Protection Administrator Associate) certification, AZ-500 (Azure Security Engineer). • Experience in large-scale retail, convenience store, fuel, or payment processing environments. • Familiarity with PCI DSS, state privacy regulations, or other data protection compliance frameworks.