Senior Data Security Engineer (USSOCOM-Zero Trust, Azure Security & DLP)

Kentro

$100K — $130K *
Aerospace & Defense
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Master's degree in Computer Science, Cybersecurity, Information Technology, or related field.
  • 10+ years of experience in enterprise systems engineering, data security, or cybersecurity operations.
  • Expert-level proficiency in Microsoft Azure security architecture with emphasis on Microsoft Purview and Microsoft Defender XDR.
  • Proven ability in designing and enforcing Trellix DLP policies at an enterprise scale, particularly with Palantir integration.
  • Strong experience with Active Directory and Azure Rights Management within complex cloud environments.
  • Hands-on expertise in Microsoft Security tools like Entra ID and Conditional Access.
  • Current DoD 8570/8140 IAT Level III certification (e.g., CISSP, CASP+, etc.)

Responsibilities

  • Architect and manage comprehensive Azure security solutions, focusing on Microsoft Purview and Microsoft Defender XDR.
  • Design and configure security policies within the Microsoft Defender suite to manage identity and device compliance.
  • Deploy and enforce Trellix DLP policies to prevent unauthorized data exfiltration.
  • Manage AD-RMS and Azure RMS for persistent protection of files and emails.
  • Integrate data catalog and metadata systems with DLP tools to enhance data security monitoring.
  • Collaborate with mission owners to optimize DLP rules and classifiers for USSOCOM data types.

Benefits

  • Competitive benefits package including paid time off and healthcare coverage.
  • 401k plan with employer match and additional discount perks.
  • Education reimbursement available for certifications and professional development.
  • Culture promoting continuous learning and professional growth.
  • Team-building activities and charity events to foster a positive workplace.
Full Job Description
Overview

Kentro is hiring for Senior Data Security Engineer to support USSOCOM EDAT Zero Trust.

Before data can be protected under a Zero Trust architecture, it must be understood and precisely controlled. You will be responsible for securing the Command's complex information environment, ranging from hyperscale cloud data lakes on NIPR to legacy file shares and isolated storage arrays on the SIPR and Top-Secret networks.

As a Senior Data Security Engineer, you will architect, deploy, and manage advanced data rights management, DLP policies, and security monitoring solutions. You will serve as the premier subject matter expert for Microsoft Azure security, with a heavy focus on Microsoft Purview and Microsoft Defender XDR.

Furthermore, you will lead the implementation of Trellix Full Data Loss Prevention (DLP) and the Microsoft Defender suite to enforce continuous compliance, prevent unauthorized data exfiltration, and establish secure access boundaries for USSOCOM's critical intelligence

Location: Hybrid in Tampa, Florida

Responsibilities

  • Azure Security & XDR: Architect and manage comprehensive Azure security solutions, serving as the primary lead for deploying and tuning Microsoft Purview and Microsoft Defender XDR across hybrid and classified environments.
  • Defender & Access Policy: Design and configure precise security policies within the Microsoft Defender suite, specifically leveraging Microsoft Purview, Microsoft Defender for Cloud Apps (MCAS), Entra ID, and Microsoft Conditional Access to control resource access based on identity, device compliance, and risk.
  • Trellix DLP Enforcement: Design, deploy, and enforce Trellix Full Data Loss Prevention (DLP) policies across endpoints and networks to stop unauthorized exfiltration of CUI and classified data without impacting mission performance.
  • Data Rights Management: Manage Active Directory Rights Management (AD-RMS) and Azure RMS as the primary DRM engines to enforce persistent, encryption-based protection of files and emails across USSOCOM networks.
  • Catalog & DLP Integration: Drive data catalog integration and metadata synchronization with enterprise platforms including Palantir, Microsoft Unified Catalog, Purview Audit, and Activity Explorer. Specifically, lead the integration of Palantir catalog solutions with Data Loss Prevention (DLP) tools to ensure seamless, end-to-end data security and monitoring.
  • Classification Tuning: Collaborate with mission owners to train classifiers and DLP rules to recognize unique USSOCOM data types (e.g., mission names, operational codes) and drastically reduce false positive rates in security alerts.


Qualifications

  • Education: Master's degree (MA/MS) in Computer Science, Cybersecurity, Information Technology, or a related technical discipline.
  • Experience: 10+ years of relevant experience in enterprise systems engineering, data security, or cybersecurity operations.
  • Technical Skills:
    • Azure Security Expert: Expert-level proficiency in Microsoft Azure security architecture, with a dedicated focus on implementing and managing Microsoft Purview and Microsoft Defender XDR.
    • Microsoft Security Stack: Deep, hands-on expertise in the broader Microsoft Defender suite, specifically:
      • Microsoft Purview (Sensitivity Labeling, DLP, Information Barrier policies).
      • Microsoft Defender for Cloud Apps (Cloud Access Security Broker - CASB policies).
      • Microsoft Entra ID (Identity and Access Management).
      • Microsoft Conditional Access (Context-aware, zero-trust security policies).
    • Trellix & Palantir DLP Expertise: Proven experience designing, tuning, and enforcing Trellix Full Data Loss Prevention (DLP) policies at an enterprise scale. Must have specific expertise in the integration of Palantir catalog solutions with Data Loss Prevention tools.
    • Data Rights Management: Strong experience implementing and administering AD-RMS and Azure RMS in complex, multi-domain, or hybrid cloud environments.
    • Data Catalog Integration: Proven experience integrating and managing metadata across enterprise catalogs such as Palantir, Microsoft Unified Catalog, and utilizing Purview Audit and Activity Explorer.
    • Storage & Database Knowledge: Strong understanding of storage protocols (NFS, SMB/CIFS, S3) and database structures (SQL, NoSQL) to troubleshoot security scanning access.
  • Required Certifications:
  • Must possess one of the following DoD 8570/8140 IAT Level III certifications:
    • CISSP
    • CASP+
    • CCSP
    • CISM

Preferred Technical Skills (A-Plus):
  • Advanced knowledge of Kusto Query Language (KQL) for writing sophisticated detection rules, hunting queries, and diagnostic analysis within Microsoft Sentinel/Defender XDR.
  • Strong proficiency in Splunk Processing Language (SPL) for building advanced dashboards, alerts, and performing forensic analysis.

Clearance Requirement:
  • TS/SCI
  • Must be a US Citizen


Benefits

We offer competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more. We invest in our employees - Every employee is eligible for education reimbursement for certifications, degrees, or professional development. Reimbursement amounts may fluctuate due to IRS limitations. We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking. We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.

We work hard; we play hard. Kentro is committed to incorporating fun into every day. We dedicate funds for activities - virtual and in-person - e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations. In alignment with our commitment to our communities, we also host and attend charity galas/events. We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.

How to Apply

To apply to Kentro Positions- Please click on the job link and then click the blue "Apply" button at the top right of Job Description. Please upload your resume and complete all the application steps. You must fully submit the application for Kentro to consider you for a position. If you need alternative application methods, please email [redacted] and request assistance.

Accommodations

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. If you need to discuss reasonable accommodations, please email [redacted].

#LI-SH1

Similar Jobs

More Jobs at Kentro

More Aerospace & Defense Jobs

Find similar Senior Data Security Engineer (USSOCOM-Zero Trust, Azure Security & DLP) jobs: