Security Engineer
Role details
Job location
Tech stack
Job description
- Design, implement, configure, and manage Zscaler DLP policies for protecting sensitive data across endpoints, web traffic, cloud applications, and internet access.
- Administer and support Zscaler Internet Access (ZIA), including URL filtering, cloud firewall, SSL inspection, threat protection, and data protection controls.
- Develop and maintain DLP policies based on sensitive data classifications, regulatory requirements, business needs, and risk assessments.
- Investigate DLP alerts, policy violations, endpoint incidents, suspicious file transfers, and potential data-exfiltration events.
- Identify false positives and fine-tune DLP rules, dictionaries, data identifiers, exact data matching, and document-matching policies.
- Implement endpoint device protection controls for USB devices, removable media, printing, clipboard activity, file uploads, and other data-transfer channels.
- Configure and administer CyberArk Endpoint Privilege Manager (EPM) policies, application controls, and privilege elevation workflows.
- Integrate Zscaler and endpoint security platforms with SIEM, ticketing, identity, cloud, and incident-response systems.
- Develop automation scripts and security integrations using Python, JSON, REST APIs, and AWS services.
- Monitor security dashboards, logs, reports, and alerts to identify data protection risks and control gaps.
- Support security incident response, root-cause analysis, remediation, and post-incident reviews.
- Collaborate with compliance and legal teams to support data privacy, audit, and regulatory requirements.
- Create technical documentation, operational procedures, policy standards, architecture diagrams, and troubleshooting guides.
- Provide technical guidance and support to internal security, infrastructure, application, and business teams.
- Evaluate new security technologies and recommend improvements to the organization's endpoint and data protection strategy.
Requirements
This position requires strong knowledge of data protection policies, endpoint privilege management, cloud security, incident investigation, and security automation. The engineer will collaborate with cybersecurity, infrastructure, network, cloud, compliance, and application teams to protect sensitive organizational data and reduce security risks across endpoints, cloud platforms, and internet traffic., * Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline, or equivalent professional experience.
- 5-7 years of experience in cybersecurity, network security, endpoint security, data protection, or security engineering.
- Strong hands-on experience with:
- Zscaler
- Zscaler Data Loss Prevention
- Zscaler Internet Access
- Endpoint device protection and data-control policies
- Experience configuring and troubleshooting ZIA policies, authentication, SSL inspection, traffic forwarding, and security controls.
- Strong understanding of DLP concepts, including:
- Data classification
- Data discovery
- Data-at-rest, data-in-motion, and data-in-use protection
- Sensitive data identifiers
- Policy tuning
- Incident investigation
- Data-exfiltration prevention
- Experience with CyberArk Endpoint Privilege Manager, endpoint privilege management, or application control.
- Working knowledge of Python scripting, JSON, REST APIs, and security automation.
- Experience working with AWS security services and cloud environments.
- Knowledge of endpoint, network, cloud, identity, and access-management security principles.
- Strong troubleshooting, analytical, documentation, and communication skills.
Preferred Qualifications
- Experience with CrowdStrike Falcon, including endpoint detection, prevention, investigation, or response.
- Experience with Netskope and other enterprise DLP, CASB, SSE, or SASE platforms.
- Familiarity with additional DLP and endpoint security products such as Microsoft Purview, Symantec DLP, Forcepoint DLP, Trellix, Proofpoint, or similar tools.
- Experience integrating security products with SIEM platforms such as Splunk, Microsoft Sentinel, or QRadar.
- Knowledge of identity platforms such as Microsoft Entra ID, Okta, or Active Directory.
- Understanding of security and compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HIPAA, or GDPR.
- Relevant certifications such as Zscaler certifications, CISSP, CCSP, Security+, AWS Certified Security - Specialty, or CyberArk certifications.
Key Skills
- Zscaler DLP
- Zscaler Internet Access
- Endpoint Device Protection
- CyberArk Endpoint Privilege Manager
- Data Classification and Data Protection
- DLP Policy Development and Tuning
- Security Incident Investigation
- CrowdStrike
- Netskope
- Python
- JSON
- REST APIs
- AWS
- SIEM Integration
- Cloud and Endpoint Security
Ideal Candidate
The ideal candidate is a hands-on security engineer with extensive experience implementing and managing Zscaler DLP and ZIA solutions. The candidate should be able to independently troubleshoot complex security issues, investigate DLP incidents, automate operational processes, and work effectively with both technical and nontechnical stakeholders.
The candidate must demonstrate strong ownership, attention to detail, sound security judgment, and the ability to balance data protection requirements with business productivity.