Skip to content
PalantirPalantirNew York, NY

Information Security Engineer - DLP

Owns Palantir's global DLP program, managing policy architecture, deploying protection tools across endpoint/network/cloud, building automation, and investigating exfiltration incidents. Requires 5+ years in DLP/insider threats, Python proficiency, and TS/SCI clearance eligibility.

Salary not listed
Hybrid5+ YOESecurity Engineering

About the role

Core Responsibilities

  • Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold.
  • Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots.
  • Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls.
  • Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene.
  • Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration.
  • Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence.

What We're Looking For

Data Loss Prevention

  • Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data.
  • Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels.
  • Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind.
  • Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies.

Data Security Fundamentals

  • Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement.
  • Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient.
  • Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure.
  • Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting.

Detection & Response

  • Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures.
  • Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors.
  • Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations.

What We Value

  • Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores.
  • Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft.
  • Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection.

What We Require

  • 5+ years of hands-on security experience, with the majority focused on data loss prevention, data protection, or insider threat programs.
  • Proficiency in Python or a scripting language of your choice for detection development, policy automation, and forensic tooling.
  • Active TS/SCI security clearance, or eligibility and willingness to obtain one.
  • A portfolio of real work: policies you've designed, detections you've written, investigations you've led, or programs you've built.

Skills

DlpData Loss PreventionPythonContent InspectionRegular ExpressionsFingerprintingOcrCloud SecurityIaasSaaSIncident ResponseLog AnalysisForensicsEndpoint AgentsNetwork Inspection
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering