IT Security Engineer - DLP and CASB Engineering - Remote
United States of America
Full Time
2 hours ago
No H1B
Key skills
Microsoft Purview DLPNetskope DLP/CASBCloud securityDLP policy engineeringSIEM (Splunk)Root-cause analysisLeadership in security practicesVendor certificationsSQLAnalyticsSnowflakeAWSAzureGCPGoogle CloudS3SplunkSaaSLeadershipCommunicationCollaborationCloud Security
About this role
CSAA Insurance Group, a AAA insurer, is one of the leading personal lines property and casualty insurance groups in the United States. They are seeking an experienced IT Security Engineer specializing in DLP and CASB to design, implement, and manage data protection solutions across cloud and hybrid environments.
Responsibilities:
- Design, implement, and optimize enterprise-wide DLP controls using Microsoft Purview DLP, Information Protection, and Netskope DLP/CASB
- Engineer DLP policies, classifiers, exceptions, and workflows for cloud (SaaS, IaaS, PaaS), endpoint, and web channels
- Lead integration of DLP and CASB tools with cloud platforms including AWS, Azure, and Google Cloud
- Partner with cloud architects and application teams to embed DLP and CASB controls into cloud-native environments
- Support secure data flows across S3, Blob, Snowflake, SQL, and SaaS applications through technical integrations and best-practice configurations
- Develop and enforce advanced DLP policies aligned to security standards, regulatory requirements, and risk tolerance
- Minimize false positives through tuning, advanced SIT/classifier creation, and rule optimization
- Work closely with SOC and SIEM teams (Splunk preferred) to ensure high-fidelity telemetry and alerting
- Build dashboards, analytics, and automation opportunities that improve detection and reduce manual effort
- Identify trends and potential gaps, driving proactive mitigation strategies
- Serve as a technical expert for complex DLP and CASB incidents
- Perform root-cause engineering, propose long-term fixes, and partner with SOC on response playbooks
- Provide leadership in mapping DLP controls to GDPR, CCPA, PCI, HIPAA, and other frameworks
- Deliver executive-level reporting and insights to leadership on DLP posture, risks, and improvements
- Develop standards for data classification, masking, retention, archival, and secure data flows
- Maintain technical documentation, SOPs, and lead stakeholder education workshops
- Assess new DLP, CASB, and cloud security capabilities; lead POCs and vendor evaluations
- Drive modernization efforts, platform migrations, and optimization initiatives
- Perform advanced analysis of DLP and CASB events across Microsoft Purview, Netskope, MDCA, and related tools
- Identify patterns, trends, mis-configurations, and gaps in controls; recommend or implement tuning and policy improvements
- Develop and refine DLP rules, classifiers, exceptions, and high-fidelity detections to reduce false positives and strengthen data-loss prevention coverage
- Partner closely with SOC, Cyber Defense, and Security Engineering to align on priorities, establish best-practice playbooks, and improve DLP/incident response workflows
- Work with IT, Cloud, and Business partners to design scalable, efficient, and compliant processes for protecting internal and external data flows
- Educate and influence interested parties on DLP findings, risk areas, and recommended mitigations
- Apply a risk-based approach to analyze, prioritize, and remediate data protection risks across the enterprise
- Ensure alignment with regulatory requirements (GDPR, CCPA, PCI, HIPAA where applicable) and corporate security standards
- Contribute to governance activities, including policy development, standards, and control architecture
- Stay current on emerging data-protection threats, cloud-security trends, and DLP/CASB industry capabilities
- Recommend modernization opportunities in DLP technologies, automation, and process streamlining
- Support and/or lead security awareness and training efforts related to data protection
Requirements:
- 7–10+ years in DLP engineering, cybersecurity, or cloud security roles
- Strong hands‑on experience with Microsoft Purview, AIP, labels, classifiers, DLP/Information Protection, Netskope DLP/CASB, and cloud security controls
- Proven experience engineering DLP policies, integrating with cloud apps, and supporting enterprise-scale environments
- Deep understanding of MDCA / Defender for Cloud Apps
- AWS, Azure, GCP data-protection patterns
- SIEM (Splunk), log pipelines, dashboards
- Strong troubleshooting and root-cause analysis skills
- Excellent communication, documentation, and cross-functional collaboration abilities
- Ability to translate technical DLP concepts for non-technical partners
- Demonstrated leadership in driving security best practices across teams
- CCSP, CISSP, CISM, Azure Security Engineer, AWS Security Specialty, Netskope or Microsoft certifications
- Vendor certifications (Microsoft Security, Netskope, etc.) are a plus
- Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
- Lives into cultural norms (e.g., willing to have cameras when it matters helping onboard new team members, building relationships, etc.)
- Travels as needed for role, including divisional / team meetings and other in-person meetings
- Fulfills business needs, which may include investing extra time, helping other teams, etc