Data Protection Content Engineer

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits: 

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact You Will Have in This Role

DTCC is building a new, enterprise‑wide data protection capability focused on securing sensitive data across modern collaboration platforms, cloud services, and AI‑adjacent workflows.

As a Data Protection Content Engineer, you will be responsible for designing, building, and maintaining data protection “content”—including detection rules, classifiers, labels, and policies—across DTCC’s enterprise data protection platforms. This role focuses on policy and control engineering, not infrastructure or day‑to‑day operations.

You will ensure that data protection controls are accurate, context‑aware, and operationally effective, reducing data loss risk while minimizing false positives and unnecessary business disruption. Your work must be repeatable, defensible, and audit‑ready, supporting DTCC’s obligations as a regulated financial market infrastructure.

This is a control‑engineering role that requires strong engineering discipline: version control, peer review, test evidence, controlled change, and clear documentation of intent and effectiveness.

Your Primary Responsibilities:

Data Protection Policy & Content Engineering

• Design, build, and maintain data loss prevention (DLP) policies, detection rules, and classifier logic across enterprise enforcement points, including DLP, DSPM‑derived enrichment, and AI proxy controls.
• Translate data classification and protection requirements into enforceable, testable control logic that operations teams can run consistently.
• Establish and maintain a clear definition of done for content releases, including documented intent, testing evidence, rollout plans, and rollback procedures.

Classification & Labeling Content

• Engineer and tune sensitivity labels, auto‑labeling policies, and inheritance logic across Microsoft 365 workloads (Exchange, SharePoint, OneDrive, Teams) and other supported platforms.
• Ensure consistent taxonomy implementation and alignment between labeling, DLP enforcement, encryption, and access controls.
• Continuously refine classifiers and labeling logic as new data types and usage patterns emerge.

Detection Tuning & False Positive Reduction

• Analyze alert telemetry, investigation outcomes, and business feedback to improve signal quality.
• Reduce false positives and alert noise through rule tuning, threshold adjustments, and contextual logic.
• Partner with Data Protection Operations to close detection gaps and improve mean time to resolution.

Platform Coverage & Integration

• Build and maintain content across integrated platforms, including: 
  • Microsoft Purview (DLP, Data Security Posture Management, Information Protection)
  • Zscaler (CASB, web and cloud egress controls)
  • Other enterprise DLP and data security tools (e.g., Symantec)
• Ensure consistent policy intent and enforcement across multiple control points.

Engineering Discipline in a Regulated Environment

• Apply SDLC‑style rigor to all policy and rule changes, including: 
  • Version control with traceable history
  • Peer review and formal change approval
  • Test plans and test evidence (positive, negative, regression)
  • Release notes documenting what changed, why, and impact
  • Rollback plans and controlled deployments
• Produce and maintain audit‑quality control evidence, including control intent, logic rationale, and proof of operation aligned to governance and regulatory expectations.

Operational Stability & Continuous Tuning

• Maintain clear documentation for policies, classifiers, and content changes.
• Support acceptance testing, change management, and evidence needs for audits and regulatory reviews.
• Use telemetry and case outcomes to continuously improve signal‑to‑noise without weakening protection.
• Implement and sustain a structured tuning and review cycle in partnership with Operations.

Cross‑Functional Collaboration

• Work closely with Data Protection Operations, platform engineers, and other security stakeholders to ensure content changes are safe, understood, and operationally consumable.
• Coordinate across related control owners to maintain consistent enforcement and avoid conflicting or overlapping controls.

Qualifications

• At least 8 years of related experience in software engineering, including enterprise application delivery.
• Bachelor’s degree preferred or equivalent professional experience

Talent Needed for Success

• 5–8+ years of experience in data protection, DLP, or information security engineering.
• Hands‑on experience with Microsoft Purview (DLP, Information Protection, labeling, DSPM).
• Proven background engineering content in Zscaler, Symantec, or equivalent enterprise data security platforms.
• Strong understanding of structured and unstructured data types and common data movement patterns.
• Experience working in a regulated enterprise environment, with the ability to produce documentation that stands up to audit and second‑line review.

Preferred Skills

Experience supporting or securing cloud collaboration platforms and SaaS services.

Familiarity with AI adjacent risk controls (e.g., AI proxies, GenAI usage controls).

Prior experience building or operating new security capabilities or programs.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.