Job Description
This job is with Kyndryl, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
Who We Are
At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.
The Role
Key Responsibilities
1. Incident Review & Investigation
Review, analyze, and validate DLP and CASB alerts escalated by L1 analysts, ensuring accurate triage and risk classification.
Investigate potential cases of data exfiltration, misuse, or policy violations across multiple channels:
Email (O365, Exchange Online Protection, Gmail)
Endpoint (Device Agents, Removable Media)
Web/Cloud Applications (Box, OneDrive, SharePoint, Google Drive, Salesforce, etc.)
Correlate events across systems (DLP, CASB, SIEM, and EDR) to identify multi-vector data leakage attempts.
Escalate confirmed incidents with detailed context, evidence, and recommended containment actions to L3 SMEs or Incident Response teams.
Participate in Root Cause Analysis (RCA) for confirmed data leakage incidents and propose preventive actions.
2. Policy Management & Tuning
Collaborate with DLP/CASB SMEs to fine-tune detection rules, thresholds, and patterns to reduce false positives while maintaining high detection fidelity.
Implement rule and policy changes based on evolving business and regulatory requirements (typically 10-50 changes per month for CASB).
Manage policy lifecycle processes, including testing, deployment, rollback, and documentation.
Contribute to the development of custom detection patterns, data classifiers, and policy templates aligned with organizational data categories (PII, PCI, IP, etc.).
Maintain synchronization and policy consistency across cloud and endpoint channels.
3. Platform Operations & Maintenance
Monitor and ensure operational health and performance of DLP and CASB platforms (e.g., Forcepoint, Netskope, Microsoft Defender for Cloud Apps, Symantec, McAfee, or Palo Alto Prisma Access).
Validate integration with SIEM and ITSM tools (e.g., ServiceNow, Microsoft Sentinel, Splunk) for alert ingestion, incident tracking, and reporting.
Coordinate with OEM vendors and internal platform teams for:
Product patching and upgrades
Rule deployment validation
Performance tuning and incident troubleshooting
Maintain system hygiene, ensuring agents, connectors, and sensors are active and updated across all endpoints and applications.
Conduct periodic configuration reviews to validate coverage, data patterns, and rule logic.
4. Governance, Reporting & Compliance
Maintain comprehensive incident logs, RCA records, and policy change documentation.
Support creation of monthly dashboards, SLA reports, and KPI summaries related to DLP/CASB operations.
Participate in governance forums, audit reviews, and client-facing reporting sessions to present performance trends, risk metrics, and improvement plans.
Ensure data protection configurations align with compliance frameworks (e.g., GDPR, HIPAA, PCI DSS, ISO 27001).
Collaborate with risk and compliance teams to align detection and response strategies with corporate data handling policies.
5. Collaboration & Continuous Improvement
Work closely with L1 monitoring teams, providing guidance on triage, escalation, and classification best practices.
Support cross-skilling initiatives and assist in developing and updating SOPs, knowledge base articles, and training materials.
Participate in threat modelling and data exfiltration use case development to enhance proactive detection and prevention capabilities.
Identify and recommend automation opportunities for incident enrichment, false-positive suppression, and report generation.
Who You Are
Required Skills & Experience
6-10 years of hands-on experience in DLP/CASB engineering, administration, or operations.
Strong technical expertise in at least one enterprise DLP platform:
Forcepoint DLP
Symantec DLP
Microsoft Purview (formerly MIP/DLP)
McAfee DLP
Proficiency in CASB technologies, such as:
Netskope
Microsoft Defender for Cloud Apps
McAfee MVISION Cloud
Palo Alto Prisma Cloud Access Security Broker
Good understanding of data classification, content inspection, encryption, and endpoint agents.
Familiarity with SIEM platforms (e.g., Sentinel, Splunk, QRadar) and ITSM workflows (ServiceNow, Jira).
Experience integrating DLP and CASB with email, endpoint, and SaaS ecosystems.
Strong analytical, investigation, and documentation skills for incident triage and RCA.
Working knowledge of network protocols, APIs, and cloud security architecture (SaaS/IaaS/PaaS).
Being You
Diversity is a whole lot more than what we look like or where we come from; it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.
What You Can Expect
With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter - wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations.
At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.
Get Referred!
If you know someone that works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.