Senior Data Security Engineer (USSOCOM-Zero Trust, Azure Security & DLP)
Kentro · Tampa, FL · 1 wk ago
Information TechnologyFull-time
Azure Security & XDR
- Architect and manage comprehensive Azure security solutions, serving as the primary lead for deploying and tuning Microsoft Purview and Microsoft Defender XDR across hybrid and classified environments.
- Design and configure precise security policies within the Microsoft Defender suite, specifically leveraging Microsoft Purview, Microsoft Defender for Cloud Apps (MCAS), Entra ID, and Microsoft Conditional Access to control resource access based on identity, device compliance, and risk.
- Lead the implementation of Trellix Full Data Loss Prevention (DLP) policies across endpoints and networks to stop unauthorized exfiltration of CUI and classified data without impacting mission performance.
Defender & Access Policy
- Design, configure, and enforce precise security policies within the Microsoft Defender suite, specifically leveraging Microsoft Purview, Microsoft Defender for Cloud Apps (MCAS), Entra ID, and Microsoft Conditional Access to control resource access based on identity, device compliance, and risk.
- Leverage Microsoft Purview, Microsoft Defender for Cloud Apps (MCAS), Entra ID, and Microsoft Conditional Access to control resource access based on identity, device compliance, and risk.
- Collaborate with mission owners to train classifiers and DLP rules to recognize unique USSOCOM data types (e.g., mission names, operational codes) and drastically reduce false positive rates in security alerts.
Trellix DLP Enforcement
- Design, deploy, and enforce Trellix Full Data Loss Prevention (DLP) policies across endpoints and networks to stop unauthorized exfiltration of CUI and classified data without impacting mission performance.
- Drive data catalog integration and metadata synchronization with enterprise platforms including Palantir, Microsoft Unified Catalog, Purview Audit, and Activity Explorer.
- Specifically, lead the integration of Palantir catalog solutions with Data Loss Prevention (DLP) tools to ensure seamless, end-to-end data security and monitoring.
Data Rights Management
- Manage Active Directory Rights Management (AD-RMS) and Azure RMS as the primary DRM engines to enforce persistent, encryption-based protection of files and emails across USSOCOM networks.
Catalog & DLP Integration
- Drive data catalog integration and metadata synchronization with enterprise platforms including Palantir, Microsoft Unified Catalog, Purview Audit, and Activity Explorer.
- Specifically, lead the integration of Palantir catalog solutions with Data Loss Prevention (DLP) tools to ensure seamless, end-to-end data security and monitoring.
Classification Tuning
- Collaborate with mission owners to train classifiers and DLP rules to recognize unique USSOCOM data types (e.g., mission names, operational codes) and drastically reduce false positive rates in security alerts.
Qualifications
- Education: Master's degree (MA/MS) in Computer Science, Cybersecurity, Information Technology, or a related technical discipline.
- Experience: 10+ years of relevant experience in enterprise systems engineering, data security, or cybersecurity operations.
- Technical Skills: Azure Security Expert: Expert-level proficiency in Microsoft Azure security architecture, with a dedicated focus on implementing and managing Microsoft Purview and Microsoft Defender XDR.
- Microsoft Security Stack: Deep, hands-on expertise in the broader Microsoft Defender suite, specifically: Microsoft Purview (Sensitivity Labeling, DLP, Information Barrier policies).
- Microsoft Defender for Cloud Apps (Cloud Access Security Broker - CASB policies).
- Microsoft Entra ID (Identity and Access Management).
- Microsoft Conditional Access (Context-aware, zero-trust security policies).
- Trellix & Palantir DLP Expertise: Proven experience designing, tuning, and enforcing Trellix Full Data Loss Prevention (DLP) policies at an enterprise scale. Must have specific expertise in the integration of Palantir catalog solutions with Data Loss Prevention tools.
- Data Rights Management: Strong experience implementing and administering AD-RMS and Azure RMS in complex, multi-domain, or hybrid cloud environments.
- Data Catalog Integration: Proven experience integrating and managing metadata across enterprise catalogs such as Palantir, Microsoft Unified Catalog, and utilizing Purview Audit and Activity Explorer.
- Storage & Database Knowledge: Strong understanding of storage protocols (NFS, SMB/CIFS, S3) and database structures (SQL, NoSQL) to troubleshoot security scanning access.
Required Certifications
- Must possess one of the following DoD 8570/8140 IAT Level III certifications: CISSP CASP+ CCSP CISM
Preferred Technical Skills
- Advanced knowledge of Kusto Query Language (KQL) for writing sophisticated detection rules, hunting queries, and diagnostic analysis within Microsoft Sentinel/Defender XDR.
- Strong proficiency in Splunk Processing Language (SPL) for building advanced dashboards, alerts, and performing forensic analysis.
Clearance Requirement
- TS/SCI
Benefits
- Competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
- We offer education reimbursement for certifications, degrees, or professional development.
- We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development. Reimbursement amounts may fluctuate due to IRS limitations.
- We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking.
- We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
- We work hard; we play hard. Kentro is committed to incorporating fun into every day. We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
- We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.
- We are dedicated to fostering an inclusive workplace where all employees, including protected veterans, are treated with dignity, respect, and fairness.
How To Apply
To apply to Kentro Positions- Please click on the job link and then click the blue “Apply” button at the top right of Job Description. Please upload your resume and complete all the application steps. You must fully submit the application for Kentro to consider you for a position.
Accommodations
If you need to discuss reasonable accommodations, please email careers@kentro.us .