Data Security Engineer - III

Job Summary

We are seeking a skilled and detail-oriented Data Security Professional to strengthen our organization’s data protection and access control posture across cloud, SaaS, endpoint and network environments. This role focuses on implementing and operating data security controls, enforcing Zero Trust access, preventing data loss and ensuring secure usage of enterprise applications and platforms.

The ideal candidate will bring strong technical expertise in security platforms and a practical understanding of protecting sensitive data across distributed enterprise environments.

Key Responsibilities

Security Engineering

• Design, implement and operate enterprise security controls across web, cloud, SaaS, and endpoint environments using platforms such as Zscaler, Netskope, CASB, ZTNA, Secure Browsers, SWG (Secure Web Gateway)
• Partner with infrastructure, application and IT teams to securely onboard users and applications, enforce device posture checks, and apply least-privilege access principles across internal and third-party systems.
• Support endpoint security and MDM integrations to ensure compliant device access, enforce baseline security controls, and reduce exposure across managed and unmanaged endpoints.
• Hands-on experience with end to end vulnerability management tools such as Qualys and Tenable (Nessus) to perform security assessments across endpoints, cloud infrastructure and network appliances .

Data Protection and Controls

• Design, implement and continuously refine Data Loss Prevention (DLP) policies to safeguard sensitive information such as PII, financial data, credentials and confidential business data across cloud applications, endpoints, email and web channels.
• Deploy and manage CASB capabilities to achieve comprehensive visibility into cloud application usage, enforce data sharing controls and prevent unauthorized data movement or exfiltration.
• Operate and fine-tune email security gateways (e.g., Proofpoint,mimecast) to identify and block phishing attacks, malware, and data leakage attempts, ensuring secure organizational email communication.
• Monitor, analyze, and optimize DLP alerts and detection rules to minimize false positives while maintaining effective data protection coverage.
• Manage and respond to data security incidents identified during assessments, maintain detailed incident records on a monthly basis and ensure timely investigation, resolution and reporting of all incidents.

Threat Monitoring and Incident Support

• Continuously monitor and analyze security telemetry, logs, and alerts from Network DLP, Zscaler, Netskope, Email Security Gateway, and endpoint platforms to identify sensitive data movement, policy violations, anomalous access patterns, and potential data exfiltration attempts.
• Perform in-depth investigation and response to data security incidents by correlating Network DLP events with data classification tags, user activity and behavior.
• Support containment actions, conduct root cause analysis, and validate remediation measures to ensure long-term protection of sensitive data across network, cloud and endpoints.
• Collaborate closely with SOC and incident response teams to enhance detection logic, optimize alert fidelity, reduce false positives, and improve end-to-end visibility into data-related security threats.

Collaboration and Reporting

• Collaborate with cross-functional teams including IT, engineering, and business stakeholders to embed data security and Zero Trust principles into system architecture and daily operations.
• Provide clear and actionable insights through dashboards, reports and summaries highlighting data exposure risks, control gaps, and recommended improvements.
• Contribute to the creation and continuous improvement of security standards, operational runbooks, and best practices, and support internal knowledge-sharing sessions to improve overall security maturity.

Required Skills & Experience

• 6 years of experience in Data Security, Cloud Security or Enterprise Security Engineering
• Hands-on experience with Zscaler, Netskope, CASB, ZTNA, Secure Browsers, SWG (Secure Web Gateway) and similar platforms
• Strong understanding of DLP technologies , data classification, and data protection strategies
• Hands on experience with email security gateways such as Proofpoint, mimecast
• Familiarity with MDM, endpoint security and access controls
• Working knowledge of cloud platforms (AWS, Azure, GCP) and SaaS security models
• Ability to analyze logs, alerts, and telemetry to drive meaningful security outcomes