Cybersecurity Data Protection Engineer
Creative Artists Agency · Nashville, TN · 1 wk ago
Engineering$121k–$135k/yrFull-time
About the role
This is a hands-on security position working within the Information Security group and with the internal IT department at large. The core focus is to ensure consistent, measurable end-to-end delivery of security services.
Responsibilities
- Develop a comprehensive plan on the management of structured and unstructured data in an enterprise environment with a focus on business enablement.
- Partner across technology teams to create practical best practices for implementation of Microsoft Purview solutions including Data Loss Prevention, Data Security Posture Management, Information Protection, Insider Risk Management, Data Lifecycle Management.
- Conduct data discovery, classification and risk assessment across managed data repositories – OneDrive, SharePoint, SaaS, and custom developed solutions storing company data.
- Integrate data protection controls with security and workflow toolsets such as SIEM, EDR, ServiceNow/JIRA.
- Configure, deploy and manage Endpoint DLP policies to prevent or monitor data exfiltration across company devices or BYOD.
- Partner with business groups to review workflows, producing output to enhance security processes in support of those workflows.
- Ensure the security considerations identified are implemented and the solutions are configured securely.
- Coordinate with IRM leadership to develop and deliver key security metrics to ensure technical security controls are meeting desired objectives; ensuring the measurable effectiveness of CAA’s technical controls.
Qualifications
- A minimum of 6 years in Information Technology
- A minimum of 3 years’ experience in data protection, Data Loss Prevention or information security engineering
- Experience in an enterprise environment with exposure to broader technology and business teams
- A Bachelor’s or Master’s Degree in a relevant field of work
- Certifications such as CISSP, CISA/CISM, Microsoft Certified Information Protection Administration preferred, but not required
- Proven experience with Microsoft data security and data compliance technologies
- Strong analytical skills in conducting due diligence to identify, assess and prioritize data related risks
- Familiarity with information security frameworks (NIST, ISO27001), data privacy regulations (GDPR, CCPA), and information security certifications/attestations (SOC, ISO, PCIDSS, FedRAMP)
- A strong understanding of the fundamental operations of servers, operating systems, cloud applications, and infrastructure
- Hands-on experience with one or more: DLP (e.g., Microsoft Purview, Crowdstrike) DSPM / SSPM platforms Cloud security (AWS, Azure, GCP)
- A strong understanding of: Data protection techniques (encryption, tokenization, masking) Identity and access management principles API security and modern application architectures
- Scripting/programming experience (e.g., Python, PowerShell, or similar)