Data Protection Engineer (Trellix)

Platinum Technologies, Tampa, FL
1d, Onsite

About The Position

Platinum Technologies is seeking a specialized Data Protection Engineer (Trellix) to join the SIPR and Top-Secret Network Execution Teams for a major Zero Trust transformation. While other roles focus on cloud-native security, this position is dedicated to securing the "tactical edge" and on-premises endpoints within the Command's classified environments. You will be the technical authority for the design, deployment, and management of the Trellix (formerly McAfee) Data Loss Prevention (DLP) suite. You will be responsible for configuring and tuning the Trellix ePolicy Orchestrator (ePO) to enforce rigorous device control and data protection policies on workstations operating in disconnected and air-gapped environments. Your work will directly prevent the unauthorized exfiltration of classified intelligence via USB drives, printing, and clipboard transfer, ensuring that the Command’s most sensitive networks remain secure against insider threats and accidental data loss. This role requires an active Top Secret/SCI clearance. The position will be in Tampa, Florida.

Requirements

  • Active Top-Secret/SCI clearance
  • Master of Science (MS) degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
  • Minimum ten (10+) years of related technical experience.
  • Extensive (5+ years) hands-on experience architecting and administering Trellix (McAfee) ePolicy Orchestrator (ePO) and Data Loss Prevention (DLP) Endpoint products.
  • Deep understanding of Device Control policies for managing removable storage, peripheral devices, and printing in a secure environment.
  • Proficiency in creating custom data identifiers using Regular Expressions (Regex) and dictionaries to detect sensitive information.
  • Proven ability to troubleshoot complex agent-based issues on Windows endpoints, including conflict resolution with other security software.

Responsibilities

  • Lead the design and configuration of Trellix DLP Endpoint policies within the ePolicy Orchestrator (ePO) on SIPR and Top-Secret networks to monitor and block unauthorized data transfer vectors (USB, Web, Print, Clipboard).
  • Create and refine complex data classification rules and regex patterns to identify specific sensitive data types, actively tuning policies to reduce false positives and transition from "Audit" to "Block" mode.
  • Manage the unique lifecycle of the ePO environment on the Top-Secret network, including the manual "sneaker-net" transfer of policy updates, agent patches, and threat intelligence definitions.
  • Configure ICAP integration between Trellix and other security components (such as Kiteworks or Web Proxies) to extend DLP inspection to network traffic and file transfers.
  • Serve as the Tier 3 escalation point for DLP incidents, analyzing blocked actions and working with the SOC/SIEM team to ensure alerts are properly ingested into Splunk.