DLP SME

Peyton Resource Group

Washington DC, Washington DC

JOB DETAILS
SKILLS
Analysis Skills, Application Programming Interface (API), Authentication, Biomedical Research, Business Intelligence, CISA - Certified Information Systems Auditor, Capability Maturity Model (CMM), Change Management, Cisco Network Systems, Cloud Computing, Communication Skills, CompTIA Security+, Computer Science, Computer Security, Consumer Packaged Goods, Content Development, Corrective Action, Data Management, Database Technology, Department of Health and Human Services, Documentation, Email Security, Endpoint Security, Enterprise Endpoint, Enterprise Protection, Environmental Research, External Audit, FISMA - Federal Information Security Management Act, Federal Compliance Regulations, Federal Laws and Regulations, Homeland Security, IBM Product Family, IT Service Management (ITSM), ITIL (IT Infrastructure Library), Identify Issues, Incident Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, IronPort Product/Service Family, Knowledge Base, Leadership, Loss Prevention, Machine Tool, Metrics, Microsoft Product Family, Microsoft SQL Server, Multiplatform/Cross-Platform, MySQL, Network Monitoring, Operations Planning, Oracle Database, Oracle Platform Security Services (OPSS), Performance Metrics, Performance Tuning/Optimization, Policy Development, Policy Implementation, PostgreSQL, Presentation/Verbal Skills, Product Demonstration, Regulatory Reports, Regulatory Requirements, Report Distribution, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Security Information and Event Management (SIEM), Security Infrastructure, Service Level Agreement (SLA), ServiceNow, Software Administration, Software Configuration Management, Splunk, Standard Operating Procedures (SOP), Symantec Product Family, Systems Administration/Management, Technical Analysis, Technical Leadership, Technical Support, Telemetry, Time Management, Training Program, U.S. National Institute of Standards and Technology (NIST), Use Cases, Web Client Plug-ins, Writing Skills
LOCATION
Washington DC, Washington DC
POSTED
1 day ago

The Data Loss Prevention (DLP) Subject Matter Expert (SME) / Technical Lead provides expert-level technical leadership for an enterprise Data Loss Prevention program under the Cybersecurity Operations Services (COS) task order. This position is responsible for protecting the confidentiality, integrity, and availability of sensitive information across a highly distributed enterprise environment spanning approximately 44,000 staff, 50,000+ endpoints, 15,000 servers, and extensive cloud and on-premises infrastructure.

The DLP SME serves as the primary technical authority for all DLP operations, engineering, risk management, compliance, and program maturity activities. A core requirement of this role is significant hands-on experience deploying and administering Symantec DLP in large enterprise environments, including integration with endpoint protection, database security platforms, SIEM, SOAR, and ITSM ticketing systems. The position also requires demonstrated ability to develop executive and operational dashboards and reports that translate DLP data into actionable intelligence for leadership and stakeholders.

ROLES & RESPONSIBILITIES
  1. DLP Operations & Continuous Monitoring

● Continuously monitor, triage, and analyze DLP alerts and sensitive data loss incidents across enterprise platforms including endpoints, email (Cisco IronPort), web, and cloud (M365)
● Enforce DLP policies for data in motion, data at rest, and data in use; prevent unauthorized sharing or exfiltration of sensitive data including PII and PHI across all enterprise channels
● Coordinate with organizational components to investigate, remediate, and document DLP incidents; ensure local IT and security staff are supported and enterprise policies are consistently enforced
● Collaborate with Cybersecurity Operations and Privacy stakeholders to ensure DLP detections and controls remain aligned with organizational policy and applicable federal regulations
● Achieve and maintain target performance: detect and prevent ≥95% of potential data loss incidents; sustain ≥99.9% platform availability
● Provide timely executive notifications for significant DLP events: initial summary within 1 hour of discovery; full executive notification within 3 hours
  2. Symantec DLP Engineering & Platform Administration

● Serve as primary technical expert for Symantec DLP deployed across a large enterprise, including Enforce Server, Network Monitor/Prevent, Endpoint Prevent/Discover, and centralized policy administration
● Design, implement, and maintain DLP policies, content inspection rules, custom identifiers, data profiles, response rules, and remediation workflows tailored to sensitive data categories across diverse transmission channels
● Perform application configuration, updates, plugin and detection signature management, and platform performance optimization to maintain accurate, timely detection and reporting
● Troubleshoot and resolve scan failures, authentication issues, agent connectivity problems, and asset visibility gaps with minimal disruption to operations
● Design, implement, and maintain integrations between Symantec DLP and supporting technologies:
○ Endpoint Detection & Response (EDR) and endpoint protection platforms for coordinated threat detection and response
○ Database security platforms (Oracle, SQL Server, PostgreSQL, MySQL) for data-at-rest DLP coverage
○ Enterprise SIEM (Splunk preferred) via syslog and API integrations for automated alerting, correlation, and use case development
○ SOAR platforms for automated DLP incident response playbook execution
○ ITSM / ticketing systems (ServiceNow) for automated incident ticket creation and full lifecycle management
○ Microsoft M365 and Cisco IronPort email security for enterprise-wide data-in-motion protection
  3. Incident Response Support

● Collaborate with Cybersecurity Operations to ensure continuous incident response and threat mitigation for DLP events, including sharing incident intelligence, detection, triage, and escalation
● Conduct root cause analysis (RCA) on DLP incidents; deliver post-incident reports documenting findings, contributing factors, and recommended corrective actions
● Develop executive summaries for significant DLP incidents covering background, impact summary, risk assessment, in-progress actions, and decisions
● Develop and maintain DLP-specific incident response playbooks, SOPs, and knowledge base entries; integrate with the broader incident response framework
● Support containment and eradication efforts; recommend and implement policy or configuration updates to prevent recurrence
  4. Reporting, Visualization & Dashboard Development

● Develop and maintain executive and operational DLP dashboards providing real-time visibility into incident trends, policy violations, remediation status, and SLA compliance, integrated into enterprise reporting platforms
● Produce and deliver compliance reports, enterprise service health reports, and SLA compliance reports by the 5th of each month (100% on-time delivery required)
● Create metrics frameworks aligned with organizational SLAs, KPIs, NIST SP 800-55 Rev. 1, CISA directives, and DHS Cybersecurity Performance Goals (CPGs)
● Develop automated report distribution workflows and standardized communications for advisories, dashboards, and policy guidance across all organizational components
● Translate complex DLP telemetry into clear, actionable intelligence for both technical analysts and executive leadership
● Support ad hoc data calls and regulatory reporting requirements (FISMA, DHS Cyber Hygiene, CISA directives, internal/external audits) within required response timeframes
  5. Risk Management & Compliance

● Implement a structured process to evaluate DLP-related risk acceptance requests; ensure requests are justified, documented, time-bound, and aligned with applicable security controls
● Implement all approved risk acceptances within applicable tooling within 5 business days; disable or remove expired/deleted risk acceptances within 5 business days
● Collect, validate, and maintain audit evidence for DLP activities; support responses to oversight entity audits and inquiries including GAO, OIG, DHS/CISA, and HHS
  6. Standards, Training & Program Maturity

● Develop, publish, and maintain enterprise-wide DLP standards, playbooks, tool usage guides, and SOPs ensuring consistent application across all organizational components
● Conduct annual Capability Maturity Model (CMM) assessments for Enterprise DLP capabilities; develop roadmaps detailing plans of action and milestones to achieve and maintain a 'Defined' maturity level
● Develop and deliver role-based DLP training materials for ISSOs, system administrators, application owners, and user communities; host quarterly workshops and live tool demonstrations
● Maintain all training resources (presentations, FAQs, recorded sessions, and quick reference guides) in the enterprise knowledge repository

REQUIRED QUALIFICATIONS

Education
● Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a closely related field preferred
● Relevant equivalent experience will be considered in lieu of degree where demonstrated technical expertise is documented

Experience
● Minimum 5 years of professional experience in cybersecurity or information security
● Minimum 3 years specifically with Data Loss Prevention (DLP) tools and technologies
● Experience leading or serving as primary technical point of contact in enterprise-scale DLP implementations; prior experience in large environments (10,000+ endpoints/users), preferably supporting 50,000+ clients
● Prior experience securely managing data protection in complex hybrid on-premises and cloud environments

Symantec DLP: Required Technical Expertise
● Demonstrated hands-on experience deploying, administering, and engineering Symantec DLP in a large enterprise environment, including:
○ Enforce Server administration, policy management, and detection server configuration (Network Monitor, Network Prevent, Endpoint Prevent, Endpoint Discover)
○ Developing and tuning content inspection policies, custom identifiers, data profiles, and response rules for diverse sensitive data types
○ Managing Symantec DLP agent deployment, health monitoring, version upgrades, and troubleshooting at scale
● Experience integrating Symantec DLP with SIEM platforms (Splunk strongly preferred) including syslog configuration, alert forwarding, SPL-based dashboard creation, and DLP use case development
● Experience integrating DLP with ITSM/ticketing platforms (ServiceNow preferred) for automated incident creation and lifecycle management
● Experience interconnecting DLP with endpoint protection / EDR platforms for coordinated detection and response
● Experience connecting DLP with database security platforms for data-at-rest coverage across common database engines

Reporting & Visualization
● Demonstrated proficiency developing DLP dashboards and reports in Splunk (SPL, dashboard panels, scheduled reports) or an equivalent SIEM/BI platform
● Ability to design executive-level reports and operational dashboards translating DLP telemetry into actionable business intelligence
● Experience building metrics frameworks aligned with SLAs, KPIs, and federal compliance reporting requirements
● Experience with automated report distribution and integration with enterprise GRC or governance platforms

Technical & Compliance Knowledge
● Operating data loss prevention tools across all three data states: data in motion, data at rest, and data in use
● Protecting sensitive data across transmission channels including M365, email (Cisco IronPort or equivalent), web proxies, and cloud collaboration platforms
● Design, implement, and maintain DLP policies, incident workflows, and governance processes; conduct risk assessments, policy tuning, and incident triage
● Hands-on experience with federal cybersecurity compliance frameworks: FISMA, NIST SP 800-53 Rev. 5, NIST SP 800-37 RMF, OMB M-21-31, DHS CDM
● Experience supporting ATO packages, POA&M management, and continuous monitoring deliverables
● Strong verbal and written communication skills; ability to explain complex DLP and data protection concepts to technical and non-technical stakeholders including executive leadership

PREFERRED QUALIFICATIONS

● Relevant certifications: Symantec DLP Administration/Implementation; CISSP; CISM; CompTIA Security+; CEH
● Experience in a federal health or biomedical research environment with sensitive research data classification challenges
● Experience with Microsoft Purview Information Protection and Microsoft Defender for Endpoint DLP in hybrid M365 and on-premises environments
● Proficiency with Splunk Enterprise Security (ES) including DLP-specific correlation searches, notable events, and risk-based alerting
● Experience with SOAR platforms (Splunk SOAR / Phantom or equivalent) for automating DLP incident response playbooks
● Experience with database security platforms (Imperva, IBM Guardium, or equivalent) and securing Oracle, SQL Server, PostgreSQL, and MySQL environments
● Experience with ITIL service management practices; familiarity with ServiceNow ITSM workflows including incident, problem, and change management
● Experience developing and delivering role-based cybersecurity training to diverse technical and non-technical audiences
● Experience supporting CDM program requirements and CISA CDM dashboard data feeds

About the Company

Peyton Resource Group

Established in 2001, Peyton Resource Group is a solution-based staffing company that matches businesses with top talent for short-term, long-term or permanent needs. People are a business’s most valuable asset. Peyton Resource Group is dedicated to helping companies find the best talent, matching professionals with jobs where they will thrive. With locations in Dallas/Fort Worth, San Antonio and Austin, we are available to serve your staffing needs throughout Texas and across the country.
COMPANY SIZE
100 to 499 employees
INDUSTRY
Staffing/Employment Agencies
WEBSITE
https://www.prg-usa.com/