Data Security Engineer (DSPM platforms)

Description for Internal Candidates

Data security posture management

• Discover and classify sensitive data (e.g., PII, PHI, financial data) across all data stores, including databases, SaaS applications, and cloud storage. 
• Assess data risk based on factors such as sensitivity, location, user access, and potential attack paths. 
• Continuously monitor the data environment for vulnerabilities, misconfigurations, and non-compliant data handling practices. 
• Enforce the Principle of Least Privilege by analyzing and managing data access permissions and entitlements to minimize the attack surface. 
• Remediate identified data risks by automating or directing actions, such as adjusting permissions, quarantining critical assets, or encrypting information. 
• Provide visibility into the data security landscape by creating reports and dashboards for stakeholders. 

Data loss prevention

• Develop, configure, and maintain DLP policies and rules across various channels, including email, web, endpoints, and cloud applications. 
• Monitor DLP alerts and investigate potential data leakage incidents and policy violations. 
• Analyze DLP incidents to identify root causes and patterns of data exfiltration. 
• Perform tuning of DLP policies to reduce false positives and improve the accuracy of sensitive data detection. 
• Collaborate with incident response teams to contain and resolve data security incidents promptly. 
• Work with data owners and business units to understand their data handling needs and refine DLP policies accordingly. 

Compliance and strategy

• Ensure the organization's data protection practices align with regulatory requirements, such as GDPR and DORA.  
• Generate audit-ready reports and compliance assessments to demonstrate adherence to relevant standards. 
• Help define and contribute to the broader enterprise data protection strategy, considering the entire data lifecycle. 
• Educate employees and stakeholders on data security best practices to foster a security-conscious culture. 
• Stay up to date with emerging data security trends, threats, and technologies, including securing AI and LLM training data. 

Qualifications

• Education

  : A bachelor's degree in computer science, information security, or a related field is typically required. 

• Experience

  : Several years of hands-on experience working with DLP and DSPM technologies in an information security role. 

Technical skills

• Experience with DSPM platforms (e.g., Wiz, Prisma Cloud, BigID). 
• Proficiency with enterprise DLP solutions (e.g., Microsoft Purview, Symantec, Forcepoint). 
• Familiarity with cloud platforms such as AWS and Azure.  
• Experience with SIEM tools for security event analysis. 
• Understanding of data encryption, access controls, and network protocols.