Sr DLP Security Operations/Security Ops Analyst II

InfoPeople Corporation

Atlanta, GA

Job Details
Location: Atlanta, GA
Posted: 30+ days ago

Job Title

Cybersecurity Operations Analyst - DLP

Level

Professional (Level 4-6)

Job Family

Security

FLSA Status

Exempt / Non-Exempt (as applicable)


Job Purpose

The Cybersecurity Operations Analyst - DLP is responsible for managing and strengthening the organization's Data Loss Prevention (DLP) program. This role focuses on designing, implementing, tuning, and monitoring DLP controls to prevent unauthorized access, sharing, or exfiltration of sensitive and regulated data across on-premises, cloud, SaaS, and endpoint environments.


Key Responsibilities

DLP Security Operations

  • Lead the expansion and continuous improvement of DLP initiatives across the organization, including global operations.

  • Develop, maintain, and enforce DLP policies, standards, and operational playbooks aligned with regulatory and compliance requirements.

  • Administer, tune, and support DLP technologies across email, web, endpoint, cloud, and SaaS platforms.

  • Monitor DLP alerts and data movement activities to detect and prevent potential data loss events.

  • Investigate suspected data loss incidents and ensure timely containment, remediation, and resolution.

  • Integrate threat intelligence to adapt DLP controls against emerging tactics, techniques, and procedures targeting sensitive data.

  • Review and approve new systems, applications, and deployments to ensure alignment with DLP monitoring and compliance needs.

  • Document DLP incidents, investigations, root causes, and remediation actions to support audits and continuous improvement.

  • Collaborate with IT and Security teams to automate DLP alerts, workflows, and response actions.

  • Provide off-hours or on-call support as required to maintain 24/7 data protection coverage.

Incident Response

  • Monitor and analyze DLP alerts across email, web, endpoint, and cloud platforms.

  • Differentiate between false positives and confirmed incidents.

  • Investigate user behavior and data handling activities related to alerts.

  • Assess whether incidents are accidental, negligent, or malicious in nature.

  • Escalate high-risk or sensitive cases to Legal, HR, or Security leadership as appropriate.

  • Take immediate containment actions such as disabling sharing, blocking transfers, or isolating endpoints.

  • Maintain accurate and complete case documentation in incident tracking systems.

  • Recommend user awareness or targeted coaching when policy violations are identified.

  • Continuously improve DLP rules and detection logic to reduce noise and improve accuracy.

  • Track, analyze, and report DLP incident trends and metrics (volume, type, resolution time).

  • Support internal and external audits, compliance reviews, and policy updates.

Emerging Threat Monitoring

  • Stay current with evolving cybersecurity threats, insider risk trends, and data protection techniques.

  • Apply new threat insights to enhance DLP detection and response capabilities.

Service Desk and Security Operations Support

  • Assist with investigation and resolution of security-related issues.

  • Work closely with internal IT teams and external security service providers as needed.


Required Skills and Capabilities

Security Monitoring

  • Experience working with IT teams and managed security service providers (MSSPs).

  • Ability to analyze and correlate security events from SIEM, DLP, IDS, EDR, AV, and endpoint tools.

  • Strong understanding of defense-in-depth security principles and monitoring best practices.

  • Ability to clearly communicate security risks, incidents, and recommendations to technical and non-technical stakeholders.

Incident Response

  • Hands-on experience performing incident response and basic forensic analysis.

  • Ability to manage incidents from detection through containment, r
