Included HealthRemote
Senior Security Operations Engineer
United States of America
Full Time
2 weeks ago
$138,000 - $195,000 USD
H1B Sponsor Likely
Key skills
PythonSQLPowerShellAWSCloud StorageSplunkSaaSLeadershipCommunication
About this role
Included Health is a new kind of healthcare company focused on delivering integrated virtual care and navigation. The Senior Security Operations Engineer will design, implement, and improve Data Loss Prevention (DLP) protections across corporate and cloud environments, lead incident responses, and enhance security measures based on real-world incidents.
Responsibilities:
- Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling
- Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data
- Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements
- Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond
- Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals
- Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data-handling patterns and exception processes
- Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication
- Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross-functional partners
Requirements:
- Minimum 5+ years of hands-on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP
- Direct, hands-on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment
- Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls
- Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel)
- Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale
- Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data-focused incidents
- Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling
- Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types