Jobs · Engineering · Texas

Information Security Senior Engineer

Equinix · Dallas, TX · 3 wk ago
HybridEngineeringFull-time

About the role

The Digital Information Security Engineering team is seeking a Senior Data Protection Engineer to design, implement, and scale enterprise data protection capabilities with a strong focus on CASB, DSPM, eDLP, Secure File Sharing, and Data Movement Controls.

Responsibilities

  • DSPM (Data Security Posture Management)
    • Implement and optimize DSPM to continuously discover and classify sensitive data across:SaaS applications, Cloud storage and object stores, Unstructured data repositories
    • Analyze data security posture, identifying: Overshared or publicly exposed data, Sensitive data sprawl, Misconfigured access controls
    • Drive risk-based remediation workflows in partnership with data owners and application teams
    • Establish continuous monitoring of data exposure and compliance posture
    • Advanced Data Detection & Protection
      • Design and deploy eDLP policies to inspect and control data in motion across web and cloud channels
      • Implement advanced detection techniques, including: Exact Data Match (EDM) for structured sensitive data (e.g., PII, PCI, financial datasets), Indexed Document Matching (IDM) for unstructured documents and intellectual property protection, Regex, keyword, and contextual data classification rules
      • Build, tune, and maintain EDM data sets and IDM fingerprinting repositories to protect critical business data
      • Configure real-time enforcement actions: Block, quarantine, alert, or coach users
      • Continuously optimize detection accuracy by reducing false positives/false negatives
    • Secure File Sharing & Data Movement Controls
      • Enforce secure data transfer policies across: Web uploads and downloads, SaaS file sharing and collaboration tools, Third-party and external data exchanges
      • Implement safeguards against: Unauthorized data exfiltration, Risky upload behavior, Unapproved sharing channels
      • Support business collaboration requirements while ensuring strong data protection controls
    • CASB & SaaS Security
      • Design and implement CASB controls (inline and API-based) to secure SaaS platforms such as M365, Google Workspace, and Salesforce
      • Enforce granular access and session controls, including: Inline transaction control (upload/download restrictions), Session-based enforcement (block, coach, isolate, redact), Adaptive policies based on user, device, and risk context
      • Identify and mitigate risks related to: Shadow IT, OAuth app abuse, SaaS misconfigurations and oversharing
      • Align CASB policies with Zero Trust principles and least-privilege access models
    • Automation & Integration
      • Develop automation using Python and APIs to: Manage policies programmatically, Automate lifecycle management of EDM/IDM datasets, Trigger remediation workflows based on DSPM findings, Integrate with SIEM/SOAR platforms for centralized monitoring and response, Build tooling to enhance visibility, reporting, and operational efficiency
    • Security Monitoring & Risk Reduction
      • Review and tune DLP and CASB alerts, focusing on data exfiltration and misuse
      • Define and track key data protection metrics, including: Sensitive data exposure trends, Policy enforcement effectiveness, Data exfiltration attempts
      • Conduct data risk assessments and continuous control validation
      • Tune and refine policies to maintain high efficacy and low business disruption

    Qualifications

    • Bachelor’s or Master’s degree in Computer Science, Information Security, or related field
    • 7–10+ years of experience in data protection or security engineering
    • Expertise in:
      • CASB (inline and API modes)
      • DSPM
      • eDLP
      • Exact Data Match (EDM)
      • Indexed Document Matching (IDM)
    • Strong understanding of:
      • Data classification and content inspection
      • Data exfiltration vectors and prevention techniques
      • SaaS and cloud data security risks
    • Experience implementing Zero Trust data protection strategies
    • Technical Skills:
      • Strong scripting/programming skills (Python preferred)
      • Experience with:
        • REST APIs and security integrations
        • SIEM/SOAR platforms
        • Cloud environments (AWS, Azure, GCP)

Similar jobs