
Information Security Engineer - DLP

Owns Palantir's global DLP program, managing policy architecture, deploying protection tools across endpoint/network/cloud, building automation, and investigating exfiltration incidents. Requires 5+ years in DLP/insider threats, Python proficiency, and TS/SCI clearance eligibility.

New York, NY | Security Engineering | Hybrid | 5+ YOE

About the role

Core Responsibilities

  • Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold.
  • Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots.
  • Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls.
  • Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene.
  • Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration.
  • Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence.

What We're Looking For

Data Loss Prevention

  • Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data.
  • Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels.
  • Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind.
  • Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies.

Data Security Fundamentals

  • Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement.
  • Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient.
  • Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure.
  • Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting.

Detection & Response

  • Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures.
  • Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors.
  • Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations.

What We Value

  • Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores.
  • Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft.
  • Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection.

What We Require

  • 5+ years of hands-on security experience, with the majority focused on data loss prevention, data protection, or insider threat programs.
  • Proficiency in Python or a scripting language of your choice for detection development, policy automation, and forensic tooling.
  • Active TS/SCI security clearance, or eligibility and willingness to obtain one.
  • A portfolio of real work: policies you've designed, detections you've written, investigations you've led, or programs you've built.

Skills

DLP, Data Loss Prevention, Python, Content Inspection, Regular Expressions, Fingerprinting, OCR, Cloud Security, IaaS, SaaS, Incident Response, Log Analysis, Forensics, Endpoint Agents, Network Inspection

Product Security Engineer

Product Security Engineer driving threat modeling, secure code review, open-source security, SDLC tooling, and bug bounty management for Vercel's web platform built on Next.js and Node.js. Requires 5+ years securing web products with strong JavaScript/Node.js and cloud security expertise.

United States | Security Engineering | Remote | 5+ YOE | SAST | DAST

IT Security Operations Engineer

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190k | San Francisco, CA | Security Engineering | Hybrid | 4+ YOE | Go | DLP

Security Engineer

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200k | New York, NY | Security Engineering | On-site | 5+ YOE | CDK | IAM

Security Engineer II

Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.

105k – 150k | Los Angeles, CA | Security Engineering | On-site | 3+ YOE | AWS | macOS

Security Engineer II

Security Engineer II responsible for monitoring and responding to security alerts, administering enterprise security tools, supporting vulnerability and IAM programs, and securing cloud environments. Requires 3+ years in cybersecurity or related fields and scripting experience.

115k – 160k | New York, NY | Security Engineering | On-site | 3+ YOE | AWS | macOS