Role Overview
- Monitor and analyze DLP alerts across endpoint, browsers, SaaS, and AI applications to identify potential data exfiltration events, policy violations, and insider threats
- Conduct real-time triage of security alerts, distinguishing between true positives and false positives using behavioral context, data lineage analysis and sensitive findings
- Perform detailed forensic investigations into data loss incidents, analyzing user activity, data movement patterns, and exfiltration vectors (email, web uploads, removable storage, print, source code exfiltration, desktop apps, GenAI apps, etc.)
- Understand and follow incident response processes and escalation procedures, coordinating with customer incident response teams on high-severity cases
- Document investigation findings, evidence trails, and remediation recommendations with clear, actionable reports
- Configure and maintain DLP policies based on customer data classification schemes, compliance requirements (GDPR, HIPAA, PCI-DSS, SOX), and business objectives
- Continuously tune detection rules and sensitivity thresholds to reduce false positives while maintaining high detection accuracy
- Identify patterns in alert data to recommend new use cases, detection methods, and policy improvements
- Serve as a trusted technical advisor and subject matter expert on data protection, DLP best practices, and insider threat management
- Administer Nightfall's DLP solution including agent deployment, policy configuration, integration setup, and performance monitoring
- Stay informed about emerging insider threat trends, data exfiltration techniques, and adversary tactics, techniques, and procedures (TTPs).
Requirements
- 3-5 years of experience in information security, with at least 2 years focused on data loss prevention (DLP), insider threat, or data protection technologies
- Hands-on experience with DLP tools (e.g., Forcepoint, Symantec, McAfee, Digital Guardian, Microsoft Purview, or other enterprise DLP solutions)
- Proven DLP administration skills: configuring policies, tuning detection rules, managing agents, generating reports, and performing incident investigations
- Strong understanding of data classification methodologies, sensitive data types (PII, PHI, PCI, IP, credentials), and regex/pattern matching for content inspection
- Experience with incident response processes, forensic investigation techniques, and security event escalation workflows
- Knowledge of compliance frameworks and regulations: GDPR, HIPAA, PCI-DSS, SOX, and their data protection requirements
- Strong analytical skills: ability to analyze complex, multivariate security problems and use systematic approaches to reach resolution
- Experience with SIEM platforms, SOAR tools, or log analysis software (Splunk, ELK, Tines, etc.)
- Familiarity with User and Entity Behavior Analytics (UEBA) and behavioral risk indicators
- Understanding of endpoint security, including macOS, Windows, and browser platforms
- Knowledge of SaaS security, CASB solutions, and cloud application architectures (Office 365, Google Workspace, Slack, GitHub, Salesforce, etc.)
- Basic scripting skills (Python, PowerShell, Bash) for automation and data analysis.
- Prior experience with Nightfall, Cyberhaven, Code42, DTEX, Proofpoint, or similar DLP/insider risk platforms
- Background in Security Operations Center (SOC) operations, threat hunting, or blue team activities
- Knowledge of machine learning/AI-based detection systems and how they improve upon traditional pattern-matching approaches
- Understanding of API security, OAuth flows, and integration architectures for SaaS platforms
- Contributions to security community: blog posts, speaking engagements, open-source projects, or threat research.
Tech Stack
- Cloud
- macOS
- Python
- Splunk
Benefits
Employee compensation will be determined based on interview performance, level of experience, specialization of skills, and market rate. During the offer discussion, your recruiter will review the finalized base salary, bonus (for applicable roles), benefits & perks, and stock options as they’ll be reflected in the offer letter.