Insider Threat DLP Engineer – Remote

Qualifications & Experience

This is a remote position.

Experience: 3+ years in IT security, DLP/insider risk experience preferred

Education: A bachelor’s degree in a relevant technology field is required. Relevant certifications are accepted in lieu of a degree

Languages: English (required) 

Must be a US Citizen

Description of work

Information and Infrastructure Technologies (IIT) is hiring an Insider Threat DLP Engineer to join our Threat Mitigation Team. In this role, the Insider Threat DLP Engineer will be responsible for configuring Insider Risk Management functions and custom policies, including onboarding data sources, configuring policies to target business-specific use cases, tuning for actionability, establishing metrics, and training personnel on response procedures. The ideal candidate will have experience with tools and applications such as Microsoft Purview, Securonix Snypr, Exabeam, Goracle, and other User and Entity Behavior Analytics (UEBA) tools. The engineer will be required to meet with customers to understand their needs and use cases, and to work with leadership to develop a comprehensive insider-threat detection solution. That solution will include the development of workflows, training for analysts, baselining of user activity, insider-threat remediation practices, and ongoing tuning/enhancement of insider-threat rules and policies within the tools listed above.


-Implement and configure a UEBA platform for use as an enterprise detection/mitigation system for insider-threat-related activity.

-Lead onboarding sessions and requirements gathering meetings with customers to ensure scope and expectations are properly defined.

-Configure and tune the UEBA platform’s “out-of-the-box” policies, and develop custom policies defined around the customer’s needs and compliance requirements. These policies will involve file transfers, first-time access, email activity, USB transfers, HR events, and other related data.

-Onboard data sources/connectors for data to be ingested from other vendor tools (badging data, HR data, etc.).

-Develop Insider Risk Management policies that leverage/enhance existing DLP rulesets.

-Provide metrics and documentation surrounding the efficacy of alerts and information related to the policies developed.

-Provide training sessions on policy development, tuning, maintenance, and how to properly investigate and triage alerts.


Additional Qualifications:

-A minimum of 3 years of experience developing and investigating Data Loss Protection (DLP) and/or User/Entity Behavior Analytics (UEBA) alerts

-Experience developing and implementing actionable alerts as part of a robust insider risk management practice

-Experience onboarding data sources/connectors within security tools

-Experience developing custom insider threat alerts surrounding the use of USB, badging, printing, SharePoint, and email-related activities

-Experience baselining, tuning, and reporting metrics within UEBA/SIEM tools


IIT is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, protected veteran status, or any other characteristics protected by applicable law. If you are a qualified job seeker with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation, please email us at and provide your name and contact information. To request an accommodation by telephone, contact us at 703-478-7600.

Please note: the email and telephone options listed above are only for job seekers with disabilities requesting an accommodation.