jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

infrastructure

Added 2 hours ago

DLP (Data Loss Prevention) Platform Engineer

at ezyVet

Westbrook, United StatesHybrid

Responsibilities

  • Establish a policy lifecycle and deployment approach (e.g., detect → educate/warn → block) aligned to business risk and adoption goals.
  • Implement core detection models for IDEXX-relevant data types (e.g., regulated data, customer data, financial data, IP) using built-in and custom classifiers/regex as appropriate.
  • Define and implement channel coverage for exfiltration paths (email, cloud sharing, web upload, removable media where applicable) in coordination with endpoint and browser controls.
  • Policy Design, Tuning & Effectiveness Translate data classification and handling
  • Continuously tune policies to improve signal quality (reduce false positives, increase true positives) and minimize user friction.
  • Establish metrics and dashboards for control performance (alert volume, false positive rate, high-confidence detections, and trend-based risk reduction).
  • Develop and maintain DLP-related detection logic, routing, and severity models so SOC investigations are consistent and efficient.
  • Support creation of playbooks for common scenarios (mass external sharing, mass download, suspicious upload, risky OAuth app activity where applicable), including evidence sources and response actions.
  • Establish a feedback loop with SOC and Data Security Operations to refine policies based on incident patterns and operational findings.
  • Coordinate with End User Computing / M365 platform teams and Box administration to deploy controls safely and minimize disruption to business workflows.
  • Identify automation opportunities for policy deployment, exception handling, and reporting to reduce operational overhead.

Requirements

  • This is a hands-on engineering leadership role focused on the how of DLP capability delivery and control effectiveness—working closely with the Data Security Program Lead, Data Security Architect, Cyber Defense/SOC, and IT platform teams.
  • Integration & Operationalization with the SOC Integrate DLP alerts and telemetry into the SOC toolchain (SIEM/Case management) to enable triage, investigation, and escalation workflows.
  • experience in security engineering, data protection, security operations engineering, or related fields. Demonstrated
  • experience implementing enterprise DLP/CASB solutions in complex environments.
  • Hands-on expertise with DLP/CASB technologies (e.g., Microsoft Purview/M365 DLP, Zscaler, Netskope, or comparable platforms).
  • Strong understanding of common data exfiltration paths and user behavior patterns across email, collaboration, web, and endpoint channels.
  • Ability to implement and tune data classifiers (built-in and custom), including pattern/regex-based detection where needed.
  • Experience delivering security controls across collaboration ecosystems (M365 strongly preferred; Box or similar SaaS collaboration platforms).
  • Working familiarity with identity and access signals (e.g., Entra ID) that influence DLP policy enforcement and investigation context.
  • Familiarity with cloud environments and SaaS security principles (AWS preferred; Azure/GCP familiarity a plus).
  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related technical field; or equivalent professional experience.
  • experience to drive adoption and reduce workarounds.
  • Ability to communicate technical control intent, tradeoffs, and operational impacts to technical and non-technical audiences.
  • Experience deploying DLP controls across M365 + Box in an enterprise environment.
  • Experience implementing DLP alongside data classification and governance programs.
  • Experience with endpoint/browser controls and integration with EDR/XDR toolsets.
  • Relevant certifications (e.g., CISSP, CCSP, Microsoft Security, vendor-specific DLP/CASB certifications).

Experience

  • What you will need to succeed... 5-7+ years of

Benefits

  • Base annual salary target: $110000 - $125000 (yes, we do have flexibility if needed)
  • Opportunity for annual cash bonus
  • Health / Dental / Vision Benefits Day-One 5% matching 401k Additional
  • benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more! Why IDEXX? We’re proud of the work we do, because our work matters.
  • At IDEXX, you will be supported by competitive compensation, incentives, and

Additional details

  • The DLP Platform Engineer is responsible for designing, implementing, and maturing enterprise Data Loss Prevention (DLP) and CASB controls across IDEXX’s collaboration and user platforms, including M365, Box, and endpoint/web exfiltration channels.
  • This role ensures that DLP controls are deployed correctly, integrated across systems, and tuned for effectiveness and usability at scale, enabling measurable reduction in data loss and oversharing risk.
  • In this role, you will be responsible for… DLP / CASB Platform Implementation Lead engineering for end-to-end implementation of the CASB/DLP solution across M365 (Exchange, SharePoint, OneDrive, Teams) and Box (internal/external collaboration), including phased rollout and deployment readiness.
  • requirements into high-confidence DLP policies that are actionable and enforceable across platforms.
  • Partner with stakeholders to implement user-facing controls (coaching, justification prompts, approvals) before enabling block actions broadly.
  • Cross-Functional Collaboration Partner with the Data Security Program Lead to deliver roadmap milestones and ensure stakeholder alignment across IT, Data Engineering, and Security Operations.
  • Partner with the Data Security Architect to align DLP policy design to enterprise control patterns and data management standards.
  • Continuous Improvement & Expansion Expand DLP coverage over time to additional channels and SaaS applications as prioritized by the Data Security roadmap and DSPM findings.
  • Continuously evaluate product capabilities and recommend improvements to increase protection coverage and reduce data loss risk.
  • Location: We are looking for someone driving distance to our Westbrook, Maine HQ for a flexible hybrid on-site requirement of 8 days per month.

Find more real-time jobs on JobLoom.