Data Protection Engineer
About The Position
Platinum Technologies is seeking a Data Protection Engineer to join our company. Weâre seeking a hands-on and technically proficient Data Protection Engineer to join the Network Execution Team supporting a critical initiative. This role is essential for the tactical implementation of data-centric security controls across the Command's hybrid environment, ranging from commercial cloud capabilities on NIPR to the rigid, disconnected constraints of the SIPR and Top-Secret networks. As a Data Protection Engineer, you will be the primary "hands-on-keyboard" implementer responsible for configuring, deploying, and tuning the encryption and labeling technologies that protect the Command's most sensitive data. You will translate the high-level architecture defined by the Chief Architect into concrete, enforceable policies within Microsoft Purview (for NIPR) and enterprise DRM platforms like Virtru or Kiteworks (for SIPR/Top Secret). You will move the Command from a passive "audit" posture to an active "block" posture, ensuring that data is encrypted and persistent protection travels with the file, regardless of where it is stored or transferred This role requires an active Top Secret/SCI. The position will be in Tampa, Florida.
Requirements
- Active Top-Secret clearance with SCI eligibility.
- Significant (3+ years) hands-on experience configuring Microsoft Information Protection (MIP), Sensitivity Labels, and DLP policies in a large enterprise or DoD environment.
- CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
- Proven experience implementing and managing enterprise encryption and Rights Management tools such as Virtru, Kiteworks, or Seclore, particularly in on-premise or hybrid configurations.
- Strong understanding of data classification methodologies, including the creation of custom sensitive info types (SITs) using Regex and Exact Data Match (EDM).
- Ability to diagnose and resolve complex issues related to encryption key management, policy propagation, and agent conflicts.
- Journeyman oA Journeyman labor category has 3 to 10 years of experience and a BA/BS or MA/MS degree. A Journeyman labor category typically performs all functional duties independently.
- Senior oA Senior labor category has over 10 years of experience and a MA/MS degree. A Senior labor category typically works on high-visibility or mission critical aspects of a given program and performs all functional duties independently. A Senior labor category may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
Responsibilities
- Configure and deploy Sensitivity Labels, Auto-labeling policies, and Data Loss Prevention (DLP) rules within the Microsoft 365 E5 suite to classify and protect CUI and PII in SharePoint, OneDrive, and Exchange.
- Implement and manage enterprise Digital Rights Management (DRM) solutions (specifically Virtru or Kiteworks) to enforce encryption-at-rest and attribute-based access control on classified networks.
- Oversee the phased transition of security policies from "Monitoring" mode to "Blocking" mode, analyzing false positives and tuning classifiers (Regex, Keyword Dictionaries, Trainable Classifiers) to minimize mission disruption.
- Collaborate with the Trellix engineering team to ensure that data tags applied by Purview/DRM tools are correctly recognized and enforced by endpoint DLP agents on workstations.
- Assist in the manual "sneaker-net" transfer of policy updates and classification patterns to the air-gapped Top Secret environment, ensuring configuration consistency across all networks.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
