Staff Data Security Engineer
United States of America
Full Time
1 hour ago
$127,000 - $189,000 USD
H1B Sponsor Likely
Key skills
Microsoft Purview DLPMicrosoft Defender for EndpointMicrosoft Defender for Cloud AppsMicrosoft Defender for IdentityMicrosoft Defender for Office 365Microsoft SentinelKQL query developmentSOAR playbooksVaronis Data Security PlatformData Security Posture Management (DSPM)Data classification frameworksMicrosoft Purview Information ProtectionISO 27001ISO 27701SOC 2NIST compliance frameworksEmail authentication standards DMARCEmail authentication standards SPFEmail authentication standards DKIMMicrosoft 365Microsoft certifications SC-400Microsoft certifications SC-200Microsoft certifications SC-100Microsoft certification AZ-500Security-first mindsetAWSAzureGCPCloud StorageSaaSLeadershipRisk ManagementCloud Security
About this role
Reinsurance Group of America, Incorporated is a Fortune 200 Company focused on life- and health-related solutions. The Staff Data Security Engineer will be responsible for designing and implementing enterprise data protection capabilities across Microsoft 365, endpoints, and cloud platforms, while ensuring sensitive data is identified, classified, and protected across all systems.
Responsibilities:
- Design, deploy, and tune DLP policies across Microsoft Purview DLP, covering Exchange Online, SharePoint, Teams, OneDrive, and endpoint devices
- Configure and manage labeling policies, trainable classifiers, and exact data match (EDM) for sensitive data types
- Integrate DLP capabilities with the Defender suite. Configure and manage Microsoft Defender for Endpoint and its Endpoint DLP component to monitor and control data on client devices. Leverage Microsoft Defender for Cloud Apps (MDCAS) for cloud-based DLP and real-time monitoring of SaaS applications
- Configure data connectors and analytic rules in Sentinel for DLP alerts and email security events
- Monitor DLP incidents, conduct root-cause analysis, and drive policy refinement to reduce false positives while maintaining coverage
- Extend DLP coverage beyond Microsoft 365 to third-party SaaS platforms, on-premises systems, and network egress points to reduce unauthorized data access and exfiltration
- Collaborate with stakeholders to develop data handling standards and acceptable use policies and establish consistent policy frameworks, enforcement models, and automation for data protection
- Create and maintain technical documentation, runbooks, and Standard Operating Procedures (SOPs) for the Data Security program
- Build automation and scalable processes to reduce manual effort Data Security Posture Management (DSPM)
- Deploy and manage DSPM tooling to provide continuous visibility into sensitive data discovery, risk exposure, and access patterns
- Leverage Varonis for data access governance, entitlement reviews, and detection of abnormal data access behaviors across file shares, SharePoint, and cloud storage
- Conduct regular data risk assessments, identify overexposed sensitive data, and drive remediation with data owners
- Integrate DSPM findings into broader risk reporting and security metrics dashboards
- Produce regular reporting on policy effectiveness, data risk posture, and key security metrics for leadership
- Partner with data owners across business units to ensure proper classification of structured and unstructured data assets
Requirements:
- Bachelor's degree in arts/sciences (BA/BS) or equivalent experience - Required
- 6+ years of experience in information security, with at least 4 years focused on data security, DLP or DSPM
- Hands-on expertise with Microsoft Purview DLP, including policy creation, scoped deployments, adaptive protection, and incident management
- Strong proficiency with Microsoft Defender XDR suite: Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and Defender for Office 365
- Demonstrated experience with Microsoft Sentinel, including custom analytic rules, KQL query development, workbooks, and SOAR playbooks
- Experience with Varonis Data Security Platform for data access governance, risk prioritization, and threat detection
- Familiarity with DSPM concepts and tooling, including sensitive data discovery and cloud data risk management
- Solid understanding of data classification frameworks and Microsoft Purview Information Protection (sensitivity labels, auto-labeling, trainable classifiers)
- Experience implementing DLP across multiple vectors: email, endpoint, cloud applications, and network
- Demonstrated capability to analyze, operationalize, and continuously improve security controls and business processes
- Knowledge of relevant compliance frameworks and regulations: ISO 27001/27701, SOC 2 and NIST-aligned compliance and security frameworks, particularly as they relate to data protection and DLP
- Proven experience with email authentication standards (DMARC, SPF, DKIM) and their implementation in Microsoft 365
- Excellent analytical and problem-solving skills with a security-first mindset
- Microsoft certifications: SC-400 (Information Protection Administrator), SC-200 (Security Operations Analyst), SC-100 (Cybersecurity Architect), or AZ-500
- Experience with additional DLP or CASB platforms (e.g., Symantec DLP, Forcepoint, Zscaler)
- Familiarity with cloud security posture management (CSPM) in Azure, AWS, or GCP environments