Job Title: DLP Platform Engineer
Reports To: Manager, Security Engineering
Location: On-Site - Irving, TX
Role Summary
This is a high-visibility individual contributor role where you will serve as the organization s subject matter
expert on DLP platform architecture, policy engineering, data classification, and sensitive data discovery.
You ll be responsible for protecting critical business and customer data at massive scale spanning
thousands of endpoints, cloud workloads, and SaaS applications while keeping false positives low and
signal quality high. If you re passionate about data protection, enjoy the challenge of tuning complex policy
frameworks, this role was built for you.
Key Responsibilities
DLP Platform Engineering & Administration
Own the end-to-end engineering, configuration, and operational health of Microsoft Purview DLP
and other DLP platforms across endpoint, network, and cloud channels.
Design, deploy, and maintain DLP policies that protect sensitive data including payment card
information, employee PII, financial records, and proprietary business data.
Continuously monitor, tune, and optimize DLP policies to maximize detection accuracy while
aggressively reducing false positives.
Manage platform upgrades, feature rollouts, and capacity planning to ensure the DLP
infrastructure scales with business growth.
Develop and maintain platform documentation, runbooks, and standard operating procedures.
Data Classification & Sensitive Data Discovery
Lead sensitive data discovery initiatives using Microsoft Purview s classification and content
inspection capabilities to identify where sensitive data resides across the enterprise.
Design and refine sensitive information types (SITs), trainable classifiers, and labeling policies
tailored to the organization s data landscape.
Partner with data governance, privacy, and compliance teams to ensure classification taxonomies
align with regulatory requirements and business needs.
Conduct ongoing data discovery assessments to identify emerging data risk and ensure newly
created repositories and workflows are covered by DLP controls.
Integration & Collaboration
Integrate Microsoft Purview DLP with Microsoft Defender for Endpoint to extend data protection
controls to managed devices across the enterprise.
Ensure DLP alerts and events flow into the organization s SIEM platform for centralized visibility,
correlation, and incident investigation.
Leverage ServiceNow for incident tracking, workflow automation, and integration with the broader
security operations and IT service management ecosystem.
Collaborate with Security Operations, Incident Response, and Insider Threat teams to investigate
and respond to DLP-triggered events.
Partner with cloud engineering, endpoint management, and application teams to ensure DLP
coverage extends to new technologies and business initiatives.
Required Qualifications
Bachelor's degree in Computer Science, Cybersecurity, or a related discipline is required;
alternatively, four years of cybersecurity experience along with an active CISSP or CISM
certification will also be considered.
5+ years of progressive experience in data loss prevention, data protection, or a closely related
security engineering discipline.
Hands-on experience engineering and administering Microsoft Purview DLP (or legacy Microsoft
365 DLP / Microsoft Information Protection).
Strong expertise in DLP policy design, tuning, and false positive reduction across endpoint,
network, and cloud DLP channels.
Practical experience with data classification frameworks, sensitive information types, and
automated labeling in a Microsoft 365 environment.
Experience integrating DLP platforms with SIEM solutions and ITSM tools such as ServiceNow.
Excellent analytical and troubleshooting skills with the ability to diagnose complex policy behavior
and platform issues.
Strong communication skills with the ability to translate data protection concepts for technical and
non-technical stakeholders.
Preferred Qualifications
CDPSE (Certified Data Privacy Solutions Engineer), Microsoft SC-400 (Information Protection
Administrator Associate) certification, AZ-500 (Azure Security Engineer).
Experience in large-scale retail, convenience store, fuel, or payment processing environments.
Familiarity with PCI DSS, state privacy regulations, or other data protection compliance
frameworks.
Never miss an opportunity! Create an alert based on the job you applied for.
