DLP Engineer - Cybersecurity

Context

The Cyber Security team is seeking a DLP engineer to operate, optimize, and expand Amadeus data protection and detection capabilities. The engineer will work closely with the SOC to strengthen threat detection, incident response, and data security controls. The mission requires strong hands-on experience with Microsoft Purview DLP, DSPM, IRM module, and MDCA, along with a solid background in Data Loss Prevention across M365, endpoints, and cloud services. Knowledge of Netskope or other leading CASB/SWG/DLP solutions (Zscaler, Symantec, Palo Alto, etc.) is a strong plus.

Missions

• Design, develop, and deploy DLP controls.
• Deploy, configure, and maintain Microsoft Purview/MDCA DLP policies across M365, endpoints, and cloud applications.
• Create, tune, and maintain DLP rules, data profiles, and incident workflows across email, SharePoint/OneDrive, Teams, endpoints, cloud, and web channels.
• Reduce false positives and improve detection accuracy through continuous tuning.
• Support data classification, sensitivity labels, and governance initiatives (Purview or DSPM tools).
• Develop detection rules, threat-hunting use cases, and response playbooks using Purview and other security tool logs.
• Assist SOC analysts during investigations, especially in data exfiltration scenarios.
• Integrate Purview, Sentinel, and DLP logs with the SIEM and other SOC technologies.
• Document test plans, tuning guides, and DLP operational procedures.
• Work with internal IT, Cloud, and SOC teams to ensure proper data protection coverage.
• Contribute to evaluating and onboarding new security technologies.

Tools & Environment

• Microsoft Purview DLP (M365, Endpoint DLP, Cloud Apps)
• DSPM platforms (Wiz, Netskope DSPM, Varonis)
• CASB/SWG/DLP tools (Netskope, Zscaler, Symantec/Broadcom, Palo Alto)
• EDR tools (CrowdStrike, Defender for Endpoint)
• SIEM platforms (Sentinel, Splunk)
• Scripting languages (PowerShell, Python, KQL)
• Data classification and sensitivity labeling tools
• Network protocols, encryption, and exfiltration detection techniques

Working Conditions

• Collaboration with SOC, IT, and Cloud teams
• Focus on threat detection, incident response, and data security controls
• Continuous improvement and tuning of DLP policies and detection rules

1. Bachelor’s degree in Computer Science, Information Security, or a related field
2. Relevant certifications (such as CISSP, SANS) are a plus
3. 5+ years of experience working in a Security Operations Center (SOC) or Security Engineering department
4. Hands-on experience with Microsoft Purview DLP (M365, Endpoint DLP, Cloud Apps)
5. Knowledge of CASB/SWG/DLP tools (Netskope, Zscaler, Symantec/Broadcom, Palo Alto, etc.) is a strong advantage
6. Experience with DSPM platforms (Wiz, Netskope DSPM, Varonis, etc.) is an asset
7. Familiarity with EDR tools like CrowdStrike or Defender for Endpoint is beneficial
8. Strong understanding of DLP concepts, data classification, and data protection strategies
9. Experience with SIEM platforms (Sentinel, Splunk) and log analysis
10. Basic scripting skills (PowerShell, Python, KQL)
11. Good understanding of network protocols, encryption, and exfiltration techniques
12. Ability to work collaboratively in a team environment and manage multiple projects
13. Strong communication and problem-solving skills
14. Passion for learning and a proactive approach to threat identification and mitigation