# Information Security Engineer - DLP
**Company:** [Palantir](https://hotfix.jobs/companies/palantir)
**Location:** Washington, DC
**Experience:** 5+ years
**Skills:** DLP, Data Loss Prevention, Python, Content Inspection, Data Classification, Endpoint Agents, Network Inspection, Cloud API, Regex, Fingerprinting, OCR, Log Analysis, SIEM, Incident Response, Forensics
**Posted:** 2026-04-15
> Information Security Engineer specializing in Data Loss Prevention (DLP) owns policy architecture, deploys protection tooling across endpoint/network/cloud, builds automation for security operations, and investigates exfiltration incidents. Requires 5+ years in DLP/insider threats, Python proficiency, and TS/SCI clearance eligibility.
## Job Description
## Core Responsibilities

- Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold.
- Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots.
- Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls.
- Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene.
- Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration.
- Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence.

## What We're Looking For

### Data Loss Prevention

- Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data.
- Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels.
- Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind.
- Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies.

### Data Security Fundamentals

- Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement.
- Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient.
- Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure.
- Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting.

### Detection & Response

- Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures.
- Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors.
- Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations.

### What We Value

- Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores.
- Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft.
- Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection.

### What We Require

- 5+ years of hands-on security experience, with the majority focused on data loss prevention, data protection, or insider threat programs.
- Proficiency in Python or a scripting language of your choice for detection development, policy automation, and forensic tooling.
- Active TS/SCI security clearance, or eligibility and willingness to obtain one.
- A portfolio of real work: policies you've designed, detections you've written, investigations you've led, or programs you've built.
**Apply:** https://hotfix.jobs/jobs/information-security-engineer-dlp-at-palantir-409ec34c-5b4e-41b3-b289-50215a151e03