Netskope Security Engineer

Location:
Hybrid (Client located Foster City, CA area)

Must be able to work on W-2 basis.

Must be local to the Foster City, CA.

One of the country's largest technology-forward organizations is seeking a skilled Data Protection Security Engineer with strong Netskope leadership experience to join their security team onsite in Foster City, CA (at least 3 days per week required). In this role, you will drive the enterprise-wide deployment, configuration, and ongoing management of the Netskope Next-Generation Secure Web Gateway (NG SWG) and Network Private Access (NPA) platforms.

You will make a direct impact by guiding the organization’s data protection initiatives, building robust Data Loss Prevention (DLP) strategies, and shaping enterprise‑level security posture at scale.

This exciting opportunity to secure and empower business‑critical information begins as a 6‑month W2 contract, with the possibility of extension. Candidates must be located near Foster City, CA, with onsite presence required at a minimum of three days per week.

• Lead end-to-end administration of the Netskope environment, ensuring robust configuration and alignment with defined security policies and risk objectives.
• Design, deploy, and manage the Netskope NG SWG—steering network traffic, enabling threat detection and response, and implementing advanced SSL inspection, URL filtering, threat protection, and cloud application controls.
• Integrate Netskope with identity and access management tools (e.g., Okta, Azure AD) to customize user‑based security controls.
• Oversee endpoint deployment and coordinate with IT teams for effective rollout and maintenance.
• Develop and refine alerting, logging, and reporting channels, leveraging SIEM solutions for real‑time security monitoring.
• Architect and implement Netskope NPA to enable zero‑trust access, replacing or supporting traditional VPN solutions; set application segmentation and least‑privilege access policies.
• Onboard private applications into the NPA framework in partnership with application and IT stakeholders.
• Design and maintain comprehensive DLP policies across web, cloud, and private application layers, focusing on regulated and sensitive data types (PII, PHI, PCI, intellectual property).
• Test and validate DLP rules to optimize detection accuracy, collaborating with compliance and governance functions for ongoing refinement.
• Respond to DLP alerts and lead incident response in accordance with established protocols.
• Serve as a Netskope SME, sharing knowledge across technology and business teams, and producing detailed runbooks, architectural documentation, and operational procedures.
• Mentor junior staff and engage with vendor resources to stay informed on platform updates and capabilities.

• 8+ years of professional background in network, cloud, or information security engineering.
• At least 2 years with hands‑on enterprise deployment and management of Netskope NG SWG and/or NPA environments.
• Practical expertise in developing, tuning, and managing DLP policies for complex organizational needs.
• Deep understanding of zero‑trust network access principles and architectures.
• Advanced skills with SSL/TLS inspection, proxy configurations, and cloud access security broker (CASB) technologies.
• Familiar with identity platforms such as Okta, Azure AD, and protocols like SAML, SCIM.
• Working knowledge of compliance frameworks relevant to data protection (e.g., HIPAA, PCI‑DSS, GDPR, CCPA).
• Strong analytical thinking, troubleshooting acumen, and a detail‑oriented, proactive approach to problem‑solving.

Netskope certifications (e.g., Netskope One Professional), experience integrating with SIEM/SOAR tools (e.g., Splunk, Microsoft Sentinel), scripting skills (Python, Power Shell) for automation, and familiarity with additional DLP solutions.

CISSP, CCSP, CISM, CompTIA Security+/Network+.

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field—or equivalent hands‑on experience in lieu of a degree.

• Medical Insurance & Health Savings Account (HSA)
• 401(k)