We are hiring a hands-on Senior DSPM Engineer to deliver the technical execution of our Data Security Posture Management program.
Reporting to the DSPM Leader, this is an individual contributor role focused on deploying, configuring, integrating, tuning, and operating the DSPM toolchain, primarily Palo Alto Networks Cortex (Cortex XSIAM, Cortex Cloud, and Dig Security DSPM) and 1touch.io, to discover sensitive data, classify it, detect risk, and drive remediation across cloud, SaaS, and on-premises environments.
You will live in the consoles every day: writing classifiers and policies, building integrations, triaging findings, automating workflows, and partnering with cloud, data, and SecOps teams to close issues at the source.
5+ years in cybersecurity / cloud security / data security engineering, with the majority of recent time spent in hands-on technical delivery (not pure advisory or management).
Strong, hands-on production experience with Palo Alto Networks Cortex (at minimum two of: Cortex XSIAM, Cortex XDR, Cortex XSOAR, Cortex Cloud), including content development and integration work.
Hands-on experience implementing and operating Dig Security (Palo Alto Cortex DSPM) for cloud data discovery, classification, and DDR.
Hands-on experience implementing and operating 1touch.io for sensitive data discovery, classification, and data lineage / identity mapping.
Solid working knowledge of cloud data services across AWS, Azure, and Google Cloud Platform, plus IAM concepts (roles, policies, identity federation) as they relate to data access.
Strong understanding of data classification, DLP concepts, and applicable regulations (GDPR, CCPA/CPRA, HIPAA, PCI DSS).
Deploy, configure, and operate Palo Alto Networks Cortex (Cortex XSIAM, Cortex XDR, Cortex Cloud) end-to-end: connectors, data ingestion, parsers, content packs, correlation rules, and dashboards.
Implement and run Dig Security (Palo Alto Cortex DSPM) for cloud data discovery, classification, Data Detection & Response (DDR), and posture remediation across AWS, Azure, and Google Cloud Platform.
Implement and operate 1touch.io for sensitive data discovery, classification, lineage, and identity-to-data mapping across structured, unstructured, semi-structured, and mainframe data sources.
Build and tune custom classifiers, policies, and detection rules to identify PII, PHI, PCI, financial data, secrets, and regulated content with low false-positive rates.
Onboard new cloud accounts, data stores (S3, RDS, Redshift, Blob, SQL, Cosmos, BigQuery, Snowflake, Databricks, etc.), SaaS apps, and on-prem sources into the DSPM platforms.
Triage DSPM findings (shadow data, public exposure, over-permissive access, sensitive-data movement, anomalies) and drive remediation with cloud, data, and application owners.
Build integrations and automations between Cortex, Dig, 1touch.io, SIEM/SOAR, ticketing (Jira/ServiceNow), and chat (Slack/Teams) using APIs, webhooks, and scripting (Python).
Author and maintain Cortex XSIAM XQL queries, XSOAR/XSIAM playbooks, and detection content tied to data-centric use cases (insider risk, ransomware, exfiltration, misconfiguration).
Perform routine health checks, version upgrades, agent/sensor management, and capacity tuning of all DSPM platforms.
Document architectures, runbooks, standard operating procedures, and onboarding guides; act as the technical SME during audits, customer reviews, and incident response.
Partner with the DSPM Leader to translate the program roadmap into shippable technical deliverables and measurable risk reduction.