Title: DLP Platform Consultant
Duration: Long term
Location: Irving , TX
(ONLY W2)
Job Description:
This is a high-visibility individual contributor role where you will serve as the organization’s subject matter expert on DLP platform architecture, policy engineering, data classification, and sensitive data discovery.
You’ll be responsible for protecting critical business and customer data at massive scale spanning thousands of endpoints, cloud workloads, and SaaS applications while keeping false positives low and signal quality high. If you’re passionate about data protection, enjoy the challenge of tuning complex policy frameworks, this role was built for you.
Key Responsibilities
DLP Platform Engineering & Administration
• Own the end-to-end engineering, configuration, and operational health of Microsoft Purview DLP and other DLP platforms across endpoint, network, and cloud channels.
• Design, deploy, and maintain DLP policies that protect sensitive data including payment card information, employee PII, financial records, and proprietary business data.
• Continuously monitor, tune, and optimize DLP policies to maximize detection accuracy while aggressively reducing false positives.
• Manage platform upgrades, feature rollouts, and capacity planning to ensure the DLP infrastructure scales with business growth.
• Develop and maintain platform documentation, runbooks, and standard operating procedures.
Data Classification & Sensitive Data Discovery
• Lead sensitive data discovery initiatives using Microsoft Purview’s classification and content inspection capabilities to identify where sensitive data resides across the enterprise.
• Design and refine sensitive information types (SITs), trainable classifiers, and labeling policies tailored to the organization’s data landscape.
• Partner with data governance, privacy, and compliance teams to ensure classification taxonomies align with regulatory requirements and business needs.
• Conduct ongoing data discovery assessments to identify emerging data risk and ensure newly created repositories and workflows are covered by DLP controls.
Integration & Collaboration
• Integrate Microsoft Purview DLP with Microsoft Defender for Endpoint to extend data protection controls to managed devices across the enterprise.
• Ensure DLP alerts and events flow into the organization’s SIEM platform for centralized visibility, correlation, and incident investigation.
• Leverage ServiceNow for incident tracking, workflow automation, and integration with the broader security operations and IT service management ecosystem.
• Collaborate with Security Operations, Incident Response, and Insider Threat teams to investigate and respond to DLP-triggered events.
• Partner with cloud engineering, endpoint management, and application teams to ensure DLP coverage extends to new technologies and business initiatives.
Required Qualifications
• Bachelor's degree in Computer Science, Cybersecurity, or a related discipline is required; alternatively, four years of cybersecurity experience along with an active CISSP or CISM certification will also be considered.
• 5+ years of progressive experience in data loss prevention, data protection, or a closely related security engineering discipline.
• Hands-on experience engineering and administering Microsoft Purview DLP (or legacy Microsoft 365 DLP / Microsoft Information Protection).
• Strong expertise in DLP policy design, tuning, and false positive reduction across endpoint, network, and cloud DLP channels.
• Practical experience with data classification frameworks, sensitive information types, and automated labeling in a Microsoft 365 environment.
• Experience integrating DLP platforms with SIEM solutions and ITSM tools such as ServiceNow.
• Excellent analytical and troubleshooting skills with the ability to diagnose complex policy behavior and platform issues.
• Strong communication skills with the ability to translate data protection concepts for technical and non-technical stakeholders.
Preferred Qualifications
• CDPSE (Certified Data Privacy Solutions Engineer), Microsoft SC-400 (Information Protection Administrator Associate) certification, AZ-500 (Azure Security Engineer).
• Experience in large-scale retail, convenience store, fuel, or payment processing environments.
• Familiarity with PCI DSS, state privacy regulations, or other data protection compliance frameworks.