Insider Risk & Data Protection Engineer

Insider Risk & Data Protection Engineer

Peraton is seeking an Insider Risk & Data Protection Engineer to join the Insider Risk and Data Protection (IR/DLP) Team within Corporate Security Compliance & Risk. This is an individual contributor role focused on the day-to-day technical execution of the enterprise Data Loss Prevention (DLP) program, digital activity reviews, and response to data spills and compromises involving Controlled Unclassified Information (CUI) and other sensitive data.

The analyst will work closely with the IR/DLP team, Cybersecurity, Legal, HR, Privacy, and program security stakeholders to detect, investigate, and remediate insider risk and data protection events. Ideal candidates are technically hands-on, detail-oriented, exercise strong discretion, and are comfortable operating defensible investigative processes in a regulated government-contracting environment.

• Administer, tune, and expand coverage of the enterprise DLP platform(s) across endpoint, email, network, cloud, and SaaS channels.
• Build, test, and refine DLP policies, rules, classifications, and detection use cases aligned to insider risk scenarios and regulatory drivers (CUI, DFARS, ITAR/EAR, PII, IP).
• Triage DLP alerts, reduce false positives, and continuously improve alert fidelity and analyst workflow.
• Support onboarding of new data sources, business units, and telemetry feeds into the DLP and user activity monitoring stack.
• Document standard operating procedures, runbooks, and configuration baselines for the DLP program.

• Conduct digital activity reviews of user behavior, data movement, and endpoint activity in support of insider risk inquiries, HR referrals, Legal holds, and management-requested reviews.
• Correlate activity across DLP, EDR, SIEM, identity, email, and cloud audit logs to build clear, fact-based timelines.
• Produce concise written findings appropriate for HR, Legal, and security leadership audiences.
• Maintain defensible documentation, chain-of-custody, and evidence-handling practices throughout each review.

• Serve as a primary responder for data spills and suspected compromises involving CUI, export-controlled, proprietary, or other sensitive data.
• Execute containment, eradication, and sanitization actions in accordance with DFARS , NIST SP 800-171, and Peraton internal incident response procedures.
• Coordinate notifications and reporting obligations (e.g., DoD Cyber Crime Center / DC3 reporting timelines, customer notifications) with Legal, Contracts, Program Security, and the CSOC.
• Maintain incident records, lessons-learned, and after-action reporting; recommend control improvements to prevent recurrence.

• Partner with the CSOC, IT Operations, Privacy, Legal, HR, and Program Security on cross-functional investigations and response actions.
• Contribute to development of insider risk policies, standards, awareness content, and training.
• Support data analytics, automation, and scripting initiatives that improve investigative efficiency and metrics.
• Provide periodic reporting on DLP, digital activity review, and data spill metrics to IRDP leadership.
• Periodic on-call responsibilities in support of after-hours data spill and insider risk events.

• 8+ years of relevant experience with a Bachelor's degree in Cybersecurity, Information Systems, Intelligence, Criminal Justice, or related field
• 12+ years of relevant experience may be considered in lieu of degree.
• Minimum 5 years of combined experience across DLP administration, insider risk / user activity monitoring, digital forensics, or cybersecurity incident response.
• Minimum 3 years hands-on experience administering an enterprise DLP platform (e.g., Microsoft Purview, Symantec/Broadcom DLP, Forcepoint, Zscaler, Netskope, or equivalent), including policy authoring and tuning.
• Demonstrated experience conducting digital activity reviews or insider-risk investigations, including correlating data across endpoint, email, network, and cloud sources.
• Working knowledge of CUI handling requirements, DFARS , and NIST SP 800-171.
• Basic proficiency with at least one scripting language (Python, Power Shell, KQL, SPL, or equivalent) for log analysis, automation, or data wrangling.
• Strong written and verbal communication skills, including the ability to translate technical findings into clear, audience-appropriate narratives for HR, Legal, and leadership.
• Strong attention to detail, sound judgment, discretion, and professional demeanor when handling sensitive matters.
• US Citizenship required.
• Ability to obtain a Top Secret security clearance.
• Ability to attend in-person meetings on occasion in Reston, VA.

• Experience supporting cybersecurity operations within a government contractor, DoD, or other regulated environment.
• Hands-on experience with EDR (e.g., Crowd Strike, Defender for Endpoint, Sentinel One) and SIEM (e.g., Splunk, Sentinel) for…