Engineer III (Data Security Analyst)

Engineer III (Data Security Analyst)

College Board - Technology

This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).

Type:

• This is a full-time position

About the Team

College Board's Enterprise Security Engineering (ESE) team currently consists of 6 full-time staff and additional contractors. ESE is responsible for implementing and managing cutting-edge security solutions and tools. We protect the confidentiality, integrity and availability of data and endpoints across physical and cloud environments. We protect workloads and data in AWS and Azure, corporate networks, user endpoints around the country and data in SaaS and PaaS environments. We enable our developers and colleagues to deliver new, secure digital offerings that include the Digital SAT and AP exams. The work we perform supports the College Board's mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.

About the Opportunity

Are you passionate about protecting sensitive information and ensuring data is used responsibly and securely? We are seeking a highly motivated and detail-oriented Engineer III (Data Security Analyst) to join our growing Enterprise Security Engineering team. This is an exciting opportunity for an early-career professional with a background in computer science or IT who is eager to develop foundational experience in data protection, regulatory compliance, and governance.

Role Summary

As an Engineer III (Data Security Analyst), you will play a critical role in identifying, assessing, and mitigating data-related risks across the organization. This role exists to safeguard information assets, support privacy and compliance goals, and strengthen resilience against internal and external threats. You'll work alongside experienced security analysts and cross-functional teams-including Legal, Privacy, Data Governance, Engineering, and Operations-to help ensure that security controls are aligned with both business priorities and regulatory frameworks.

• This is an ideal opportunity for someone who has a few years of academic or entry-level experience in cybersecurity, computer science, information systems, or IT support, and who is excited to learn about security tooling, policy enforcement, and governance operations in a real-world enterprise environment.

• Collaborate with senior cybersecurity staff to support the Data Security Committee and Data Security Working Group, helping capture action items and track governance deliverables.

• Assist in maintaining and updating risk control libraries within the DSPM platform to ensure alignment with internal policies and external regulatory standards (e.g., GDPR, CCPA, HIPAA).

• Monitor and triage alerts from DSPM and DLP tools, escalating high-risk findings according to playbooks and assisting in response documentation. Analyze tool-generated reports to identify anomalies, assess risk impact, and support decision-making.

• Support Legal and Privacy teams by providing accurate, timely data classification reports and audit artifacts as needed.

• Contribute to continuous improvements in data protection policies by suggesting platform tuning and reporting enhancements. Help classify and tag sensitive data across systems and platforms, in alignment with internal policies and compliance standards.

• Participate in internal security and privacy awareness initiatives and compliance readiness efforts.

• Pursue ongoing training and certifications to develop expertise in data protection technologies, data governance frameworks, and cloud data security.

Data Security Governance and Control Implementation (60%)

• Define, implement, and maintain data classification, handling, and access control policies and standards across cloud and on-prem environments, leveraging data analytics to ensure policies address current threats.

• Configure and tune DLP tools, DSPM, CASB, and cloud-native security controls to detect and prevent exfiltration of sensitive data or models, using statistical and machine learning techniques to optimize detection thresholds and reduce false positives.

• Map and inventory sensitive data using tools like BigID or Microsoft Information Protection (MIP), and support automated tagging to better inform security controls and data lifecycle management.

• Provide expertise on encryption, tokenization, and access management for structured, semi-structured, and unstructured data.

• Participate in risk assessments, control testing, and audits as needed with data owners across the organization, applying data-driven analysis to quantify risks and support evidence-based remediation plans.

• Recommend enhancements to data protection tooling and processes based on emerging threats and lessons learned, incorporating trends from security analytics and predictive risk modeling.

Data Risk Monitoring and Alert Response (20%)

• Monitor data security alerts and anomalies supported by College Board's security tools.

• Triage data-related security events, interfacing with data custodians and escalating to the Cyber Defense Team as needed, leveraging behavioral analytics to improve prioritization.

• Assist Cyber Defense in DLP investigations, utilizing forensic and data mining techniques to support root cause analysis.

• Maintain awareness of threats and behavioral risks tied to data access, incorporating insights from user and entity behavior analytics (UEBA).

• Utilize internal AI agents to enable more accurate reviews, helping to automate the identification of high-risk data interactions and enhance the speed of investigation.

Collaboration, Reporting, and Continuous Improvement (20%)

• Work with Legal, Privacy, and Data Governance teams to align data protection practices with policies and laws

• Support regulatory and internal compliance needs related to data handling and privacy laws by providing evidence or information to Privacy or GRC as requested

• Deliver regular data security related reporting and metrics, incorporating trends, KPIs, and predictive indicators that highlight risks and drive continuous improvement.

About You

You have:

Required:

• 2+ years of relevant experience, including internships, academic projects

• Foundational knowledge of cybersecurity principles (e.g., access control, encryption, incident response)

• Experience in analyzing logs, metrics, or data sets to support troubleshooting or risk assessments.

• Hands-on-expertise with data protection and governance tools (e.g. DLP, DSPM)

• Strong organizational and communication skills with a willingness to learn and grow in a team-oriented environment.

Preferred:

• Exposure to security or compliance frameworks (e.g., NIST, ISO 27001, GDPR, HIPAA) through coursework or projects.

• Basic familiarity with cloud platforms (AWS, Azure, or Google Cloud Platform) or data governance concepts.

• Experience using basic scripting or query tools (e.g., PowerShell, Python, SQL) to assist with data analysis or automation.

All roles at College Board require:

• A passion for expanding educational and career opportunities and mission-driven work

• Authorization to work in the United States for any employer

• Proficiency in Microsoft Suite Tools (or a willingness to learn)

• Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and a comfort learning and applying new digital tools independently and proactively.

• Clear and concise communication skills, written and verbal

• Evidence of skills and mindsets required to live out College Board's Operating Principles, notably:

• A commitment to candid, timely, respectful feedback

• A learner orientation and an openness to ideas and diverse perspectives

• The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user-inputs

• Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward

• A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose

• A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success

About Our Process

• Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.

• While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer

At College Board, we offer more than just a paycheck-we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We're a self-sustaining nonprofit that believes in fair and competitive compensation, grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach to Compensation

• The hiring range for this role is $125,000 to $135,000.

• Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.

• We aim to make our best offer upfront-rooted in fairness, transparency, and market data.

• We adjust salaries by location to ensure fairness, no matter where you live.

You'll have open, transparent conversations about compensation, benefits, and what it's like to work at College Board throughout your hiring process. Check out our careers page for more.

#LI-DC1

#LI-REMOTE