Who We Are
At Kyndryl, we run and reimagine the mission-critical technology systems that drive advantage for the world's leading businesses. We are at the heart of progress; with proven expertise and a continuous flow of AI-powered insight, enabling smarter decisions, faster innovation, and a lasting competitive edge. For our people, Kyndryls, that means doing purposeful work that powers human progress. Join us and experience a flexible, supportive environment where your well-being is prioritized and your potential can thrive.
The Role
Key Responsibilities
1. Incident Review & Investigation
Review, analyze, and validate DLP and CASB alerts escalated by L1 analysts, ensuring accurate triage and risk classification.
Investigate potential cases of data exfiltration, misuse, or policy violations across multiple channels:
Email (O365, Exchange Online Protection, Gmail)
Endpoint (Device Agents, Removable Media)
Web/Cloud Applications (Box, OneDrive, SharePoint, Google Drive, Salesforce, etc.)
Correlate events across systems (DLP, CASB, SIEM, and EDR) to identify multi-vector data leakage attempts.
Escalate confirmed incidents with detailed context, evidence, and recommended containment actions to L3 SMEs or Incident Response teams.
Participate in Root Cause Analysis (RCA) for confirmed data leakage incidents and propose preventive actions.
2. Policy Management & Tuning
Collaborate with DLP/CASB SMEs to fine-tune detection rules, thresholds, and patterns to reduce false positives while maintaining high detection fidelity.
Implement rule and policy changes based on evolving business and regulatory requirements (typically 10-50 changes per month for CASB).
Manage policy lifecycle processes, including testing, deployment, rollback, and documentation.
Contribute to the development of custom detection patterns, data classifiers, and policy templates aligned with organizational data categories (PII, PCI, IP, etc.).
Maintain synchronization and policy consistency across cloud and endpoint channels.
3. Platform Operations & Maintenance
Monitor and ensure operational health and performance of DLP and CASB platforms (e.g., Forcepoint, Netskope, Microsoft Defender for Cloud Apps, Symantec, McAfee, or Palo Alto Prisma Access).
Validate integration with SIEM and ITSM tools (e.g., ServiceNow, Microsoft Sentinel, Splunk) for alert ingestion, incident tracking, and reporting.
Coordinate with OEM vendors and internal platform teams for:
Product patching and upgrades
Rule deployment validation
Performance tuning and incident troubleshooting
Maintain system hygiene, ensuring agents, connectors, and sensors are active and updated across all endpoints and applications.
Conduct periodic configuration reviews to validate coverage, data patterns, and rule logic.
4. Governance, Reporting & Compliance
Maintain comprehensive incident logs, RCA records, and policy change documentation.
Support creation of monthly dashboards, SLA reports, and KPI summaries related to DLP/CASB operations.
Participate in governance forums, audit reviews, and client-facing reporting sessions to present performance trends, risk metrics, and improvement plans.
Ensure data protection configurations align with compliance frameworks (e.g., GDPR, HIPAA, PCI DSS, ISO 27001).
Collaborate with risk and compliance teams to align detection and response strategies with corporate data handling policies.
5. Collaboration & Continuous Improvement
Work closely with L1 monitoring teams, providing guidance on triage, escalation, and classification best practices.
Support cross-skilling initiatives and assist in developing and updating SOPs, knowledge base articles, and training materials.
Participate in threat modelling and data exfiltration use case development to enhance proactive detection and prevention capabilities.
Identify and recommend automation opportunities for incident enrichment, false-positive suppression, and report generation.
Who You Are
Required Skills & Experience
6-10 years of hands-on experience in DLP/CASB engineering, administration, or operations.
Strong technical expertise in at least one enterprise DLP platform:
Forcepoint DLP
Symantec DLP
Microsoft Purview (formerly MIP/DLP)
McAfee DLP
Proficiency in CASB technologies, such as:
Netskope
Microsoft Defender for Cloud Apps
McAfee MVISION Cloud
Palo Alto Prisma Cloud Access Security Broker
Good understanding of data classification, content inspection, encryption, and endpoint agents.
Familiarity with SIEM platforms (e.g., Sentinel, Splunk, QRadar) and ITSM workflows (ServiceNow, Jira).
Experience integrating DLP and CASB with email, endpoint, and SaaS ecosystems.
Strong analytical, investigation, and documentation skills for incident triage and RCA.
Working…