Contract · Poss. to Hire
Hybrid · Charlotte, NC
W2 Only · No 3rd Parties
Experience
Serve as an offensive security specialist within the Enterprise Information Protection (EIP) program, responsible for testing, validating, and stress-testing DLP controls against real-world insider threat and data exfiltration scenarios. This role thinks like a malicious insider - employee, contractor, or compromised identity - to simulate data loss techniques across endpoints, email, cloud collaboration platforms, and unstructured data repositories. Findings directly inform control improvements, detection tuning, policy enforcement, and insider risk modeling.
Responsibilities
Design and execute red team-style data exfiltration scenarios aligned to insider threat, negligent user, and compromised account risk.
Simulate data loss techniques across endpoint, email, cloud storage, collaboration tools, web upload, printing, and removable media.
Test DLP controls for bypass techniques, misconfigurations, policy gaps, and detection blind spots.
Emulate high-risk behaviors tied to role-based access, privileged users, leavers, and third-party identities.
Validate effectiveness of DLP policies, sensitivity labels, endpoint controls, and alerting logic.
Partner with EIP engineering teams to tune detection rules, thresholds, and policy guardrails.
Execute testing tied to new DLP capabilities, roadmap initiatives, and tool deployments such as endpoint DLP and unstructured data controls.
Produce clear, defensible reports outlining attack paths, control weaknesses, risk severity, and remediation guidance.
Present findings to EIP leadership, Insider Risk governance forums, and control owners.
Track remediation activities and validate improvements through retesting.
Required Tools & Platforms
Microsoft Purview Varonis Proofpoint TRAP Proofpoint TAP Proofpoint CASB
Skills & Experience
Core Technical Skills
Red Team / Adversary Simulation DLP Bypass Techniques Data Exfiltration Testing Endpoint Security Controls Email Security Cloud Security (CASB) Sensitivity Labels Unstructured Data Environments Purple Team Operations Detection Tuning Policy Gap Analysis Threat Modeling
Insider Risk & Domain
Insider Threat Programs Privileged User Emulation Leaver / Joiner Risk 3rd-Party Identity Risk Human-Centric Threat Modeling Insider Risk Governance
Industry Background
Financial Services Healthcare Technology / Regulated Env.
#LI-EW1
For over two decades, Sharp Decisions has provided superior, award-winning service in strategic business and technology consulting services to government agencies at all levels, as well as domestic and global corporations. With subject matter expertise in Investment Banking, Finance, Healthcare, Media & Telecommunications, and Manufacturing, Sharp Decisions is well equipped to serve your needs.
Established in 1990 with headquarters in New York City, and locations in Princeton, Charlotte, Los Angeles, Phoenix, Europe and Canada, Sharp Decisions has been the technology backbone for a client portfolio that includes an array of well-known companies. As a Certified Woman-Owned Business Enterprise and approved vendor, Sharp Decisions offers a powerful, cost-effective advantage. We actively partner with other MBEs to add value and meet diversity program requirements.
Sharp Decisions is also committed to hiring and training post-9/11, tech-savvy U.S. armed forces veterans through our V.E.T.S.â„¢ (Vocation, Education and Training for Service members) Program, but we cannot do it alone. Companies like EmblemHealth, Freddie Mac and Experian have stepped up to bring aboard our highly qualified and skilled veterans. We need more companies like them to take a stand and bring our veterans aboard. Our clients have told us that our veterans are more effective than their college hires because two weeks on the job for them equates to 2-3 years of experience! Learn more at www.sharpdecisions.com/vetsprogram.