Data Security Engineer (DRM Specialist) – Senior, Zero Trust Program (USSOCOM)

About The Position

Requirements

• Active Top-Secret clearance with SCI eligibility.
• Senior Level: Master of Science (MS) degree in Cybersecurity, Computer Science, Mathematics (Cryptography focus), or a related technical field.
• Senior Level: 10+ years of related technical experience.
• DRM Expertise: Extensive hands-on experience (5+ years) designing and administering Enterprise Digital Rights Management (EDRM) or Information Rights Management (IRM) systems, specifically Kiteworks, Microsoft Azure Information Protection (AIP/RMS), or Virtru.
• Encryption Standards: Deep understanding of cryptographic protocols (AES-256, RSA), Public Key Infrastructure (PKI), and Key Management Service (KMS) operations.
• Policy Logic: Proven ability to design complex Attribute-Based Access Control (ABAC) logic and Conditional Access policies.
• Cross-Domain Knowledge: Understanding of how encryption travels across Cross-Domain Solutions (CDS) and the challenges of key management in air-gapped networks.
• Required: CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.

Nice To Haves

• Experience with Hardware Security Modules (HSM) (e.g., Thales, Entrust).
• Knowledge of NIST SP 800-53 controls related to System and Information Integrity (SI) and Media Protection (MP).
• Experience integrating DRM tools with SailPoint for identity attribute consumption.
• Kiteworks Administrator Certification.
• Preferred: Microsoft Information Protection Administrator (SC-400).
• Preferred: Certified Information Systems Security Professional (CISSP).

Responsibilities

• Enterprise DRM Architecture: Architect and configure the Kiteworks Private Content Network (SIPR/Top Secret) and Microsoft Purview (NIPR) to serve as the central Policy Decision Points (PDP) for file access.
• ABAC Policy Design: Translate NIST 8112 metadata attributes into concrete DRM policies (e.g., "Allow View ONLY if User.Clearance >= TopSecret AND Device.State = Compliant").
• Key Management: Manage the lifecycle of encryption keys (Bring Your Own Key - BYOK, Customer Managed Keys) ensuring FIPS 140-2/3 compliance and availability across hybrid and air-gapped environments.
• Secure Collaboration: Configure advanced DRM features such as SafeVIEW and SafeEDIT in Kiteworks to allow users to view and edit sensitive documents in a secure, containerized stream without the data ever leaving the controlled repository.
• Policy Enforcement: Define and enforce "Rights Management" controls, specifically preventing actions like Copy/Paste, Screen Capture, and Printing for documents tagged with specific sensitivity labels (e.g., CUI, Secret/NoForn).