Information Security Engineer

About the Role

We are seeking an Information Security Engineer (3–5 years experience) with hands on expertise in data security, DLP, and security automation, with growing exposure to AI security. This role will support and mature enterprise data protection capabilities while helping operationalize data security cleanup workflows through automation and cross team coordination. The ideal candidate is comfortable executing and improving DLP controls, building automation to drive remediation, and partnering with application, platform, and business teams to reduce data risk  role offers opportunities to lead smaller initiatives or assist senior engineers on larger data security and AI governance efforts.

Plans, designs, and builds security architectures for the organization. Implements network and computer security and ensures compliance with information security policies and procedures.

• Assist in the implementation, tuning, and ongoing operation of DLP and data protection controls across M365, endpoints, email, SaaS, and cloud platforms.
• Maintain and refine DLP policies, classifiers, and detections to improve precision and reduce false positives.
• Support enterprise data discovery, classification, and exposure reduction efforts.
• Participate in data security incident triage, investigation, and remediation coordination.
• Design and maintain automation workflows to support data security cleanup and remediation, including automated email notifications to data owners, Jira/ticketing automation for tracking remediation actions, workflow‑driven follow‑ups and escalation paths, and use tools such as Power Automate or similar platforms to reduce manual effort and improve consistency.
• Partner with data owners and technical teams to communicate findings clearly, provide guidance and assistance with cleanup where needed, and track remediation progress to closure.
• Hands‑on configuration and operational support for Microsoft Purview (Sensitivity Labels, DLP, Endpoint DLP, Data Classification), Microsoft Defender (Endpoint and Cloud App data protection features), Varonis, Proofpoint, Lightbeam or similar data access governance tools, plus support reporting, dashboards, and audit‑ready evidence for data security controls.
• Assist with AI security reviews, ensuring sensitive data is not shared with unauthorized AI tools, and support AI intake and approval workflows by validating data scope, access controls, and guardrails aligned with security and privacy requirements.
• Maintain knowledge of secrets management concepts, help identify and remediate hard‑coded secrets, credentials stored in code repositories, and high‑risk PII/PCI data, and partner with engineering teams to promote secure secrets handling practices.
• Support data security controls aligned with PCI DSS, SOC 2, NIST, ISO 27001, GDPR/CCPA, contribute to policies, standards, and SOPs related to data handling, DLP, automation, and AI usage, and assist with audit preparation and evidence collection.
• Initiate security response procedures when incidents are detected, update CSIRT documentation and procedures, write code or scripts to automate, monitor, and test security solutions, and assist in designing, building, configuring, and maintaining cybersecurity threat defense capabilities and user access management.
• Maintain cybersecurity requirements for network, system, and/or application technologies, configure and install security technologies such as firewalls, intrusion detection systems, access controls, implement software fixes to remove system vulnerabilities, perform daily reviews of OS and network changes, deploy patches, manage security objects including SSL certificates, PGP and private keys, system passwords, anti‑virus, spyware, and malware solutions, and identity management.

• Demonstrates skill in data analysis techniques by resolving missing/incomplete information and inconsistencies/anomalies in more complex research/data.
• Work requires increasing independence; receives guidance only on unusual, complex problems or issues; review typically involves periodic review of output by supervisor or direct customers.
• May…