Company
Cox Automotive - USA
Compensation
Compensation includes a base salary of $143,600.00 - $239,300.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Job Description
The Cybersecurity Lead DLP Engineer is responsible for leading and executing data loss prevention security operations across the enterprise. This role serves as the subject matter expert for DLP technologies, policies, and incident response, ensuring the protection of sensitive and confidential data across all business units domestically and internationally. The position requires close collaboration with IT teams, compliance, legal, and business stakeholders to evaluate, improve, and maintain comprehensive DLP controls. The Lead DLP Analyst will manage DLP product deployments, investigate data exfiltration incidents, and continuously enhance the organization's data protection posture through advanced DLP monitoring techniques and security best practices.
Data Loss Prevention (DLP) Operations
Serve as the primary subject matter expert on Data Loss Prevention technologies, strategies, and data protection concepts across the organization.
Lead overall responsibility for DLP security operations including policy creation, tuning, incident detection, investigation, and response to data exfiltration attempts.
Conduct thorough investigations of DLP alerts and incidents, including data classification violations, policy breaches, and potential insider threats involving sensitive data.
Monitor, analyze, and respond to DLP events from on-premise systems, cloud environments, endpoints, email gateways, web proxies, and collaboration platforms.
Develop and maintain data classification frameworks and work with stakeholders to implement appropriate protection controls for each classification level.
Continuously improve DLP detection capabilities through advanced pattern matching, machine learning models, fingerprinting, and contextual analysis techniques.
Security Monitoring and Incident Response
Collaborate with IT teams, compliance, legal, and business stakeholders to coordinate comprehensive DLP monitoring and response activities.
Monitor and analyze DLP events across email gateways, endpoints, cloud applications, network channels, and file repositories to detect policy violations and data exfiltration attempts.
Lead investigations of data breach incidents, insider threat cases, and data exfiltration attempts, identifying root causes and recommending remediation actions.
Perform advanced analysis of data exfiltration scenarios utilizing industry standard frameworks including MITRE ATT&CK data exfiltration tactics and techniques.
Provide timely detection, identification, and alerts of data loss events, policy violations, anomalous data movements, and potential insider threats.
Distinguish between benign business activities and malicious data exfiltration through contextual analysis and threat intelligence.
Work closely with IT teams, legal, HR, and business units to remediate security incidents while balancing security requirements with business operations.
Data Loss Prevention (DLP)
Ability to:
Design, implement, and manage enterprise DLP solutions across multiple platforms including Symantec DLP, Forcepoint DLP, Microsoft Purview, Digital Guardian, or similar technologies.
Create and tune comprehensive DLP policies using pattern matching, regular expressions, fingerprinting, exact data matching (EDM), and machine learning classification.
Implement DLP controls across all data vectors including email, web, endpoint, cloud applications, file shares, removable media, and printing.
Establish and maintain data classification taxonomies and apply appropriate protection measures for each sensitivity level.
Conduct sophisticated investigations of DLP incidents including analysis of data flows, user behavior, and potential data breach scenarios.
Integrate DLP solutions with SIEM, CASB, email security gateways, and other security infrastructure for comprehensive visibility.
Balance security requirements with business productivity through effective policy tuning and false positive reduction strategies.
Security Monitoring and Operations
Ability to:
Work effectively with IT departments, compliance teams, legal counsel, and business stakeholders for comprehensive DLP monitoring and enforcement.
Perform advanced DLP event correlation, triage, and analysis to identify true positive data loss incidents versus false positives.
Apply contextual analysis and business knowledge to respond appropriately to data security incidents and policy violations.
Recognize indicators of compromise related to data exfiltration, insider threats, and unauthorized data access or transmission.
Lead projects to improve DLP monitoring capabilities, enhance detection accuracy, and reduce response times.
Demonstrate strong understanding of defense-in-depth security principles and how DLP fits within the broader security architecture.
Communicate complex security issues effectively to management, business stakeholders, legal teams, and technical audiences.
Maintain and update DLP operational guidelines, standards, procedures, and documentation.
Incident Response and Forensics
Ability to:
Perform incident response activities specifically focused on data breach incidents, insider threats, and data exfiltration scenarios.
Conduct digital forensic investigations to determine data access patterns, identify compromised systems, and trace data movements.
Work collaboratively with internal IT teams, external forensic providers, legal counsel, and HR during sensitive data breach investigations.
Ensure all data security incidents are properly documented, investigated thoroughly, and remediated according to established procedures.
Maintain chain of custody for digital evidence and prepare detailed incident reports for management and legal review.
Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field.
Expert-level hands-on experience implementing and managing enterprise DLP solutions (Symantec/Broadcom DLP, Forcepoint, Microsoft Purview, Digital Guardian, McAfee DLP, or similar platforms)
Deep working experience with Data Loss Prevention, Incident Response, Insider Threat Detection, and data security operations
Strong experience with log analysis, DLP event investigation, and security alert triage specific to data exfiltration scenarios
Working knowledge of network protocols, email systems, cloud storage platforms, and endpoint technologies as they relate to DLP monitoring
Experience conducting security investigations and incident response for data breach, insider threat, and data exfiltration scenarios
Demonstrated ability to create technical documentation, operational procedures, metrics dashboards, and executive-level reports
Strong understanding of data privacy regulations (GDPR, CCPA, HIPAA, PCI-DSS) and compliance requirements
Network Administration and System Administration background with deep understanding of Windows, Linux, macOS environments
Advanced scripting and programming skills (Python, PowerShell, Bash) for automation and custom integrations
Experience with Cloud Security (AWS, Azure, GCP) and Cloud Access Security Broker (CASB) solutions
Hands-on experience with digital forensics tools (EnCase, FTK, X-Ways) and eDiscovery platforms
Experience with User and Entity Behavior Analytics (UEBA) and Insider Threat Management platforms
Knowledge of machine learning and AI applications in data classification and anomaly detection