|
The DLP Platform Engineer is responsible for designing, implementing, and maturing enterprise Data Loss Prevention (DLP) and CASB controls across IDEXX's collaboration and user platforms, including M365, Box, and endpoint/web exfiltration channels. This role ensures that DLP controls are deployed correctly, integrated across systems, and tuned for effectiveness and usability at scale, enabling measurable reduction in data loss and oversharing risk. This is a hands-on engineering leadership role focused on the how of DLP capability delivery and control effectiveness-working closely with the Data Security Program Lead, Data Security Architect, Cyber Defense/SOC, and IT platform teams. In this role, you will be responsible for...
DLP / CASB Platform Implementation
- Lead engineering for end-to-end implementation of the CASB/DLP solution across M365 (Exchange, SharePoint, OneDrive, Teams) and Box (internal/external collaboration), including phased rollout and deployment readiness.
- Establish a policy lifecycle and deployment approach (e.g., detect educate/warn block) aligned to business risk and adoption goals.
- Implement core detection models for IDEXX-relevant data types (e.g., regulated data, customer data, financial data, IP) using built-in and custom classifiers/regex as appropriate.
- Define and implement channel coverage for exfiltration paths (email, cloud sharing, web upload, removable media where applicable) in coordination with endpoint and browser controls.
Policy Design, Tuning & Effectiveness
- Translate data classification and handling requirements into high-confidence DLP policies that are actionable and enforceable across platforms.
- Continuously tune policies to improve signal quality (reduce false positives, increase true positives) and minimize user friction.
- Establish metrics and dashboards for control performance (alert volume, false positive rate, high-confidence detections, and trend-based risk reduction).
- Partner with stakeholders to implement user-facing controls (coaching, justification prompts, approvals) before enabling block actions broadly.
Integration & Operationalization with the SOC
- Integrate DLP alerts and telemetry into the SOC toolchain (SIEM/Case management) to enable triage, investigation, and escalation workflows.
- Develop and maintain DLP-related detection logic, routing, and severity models so SOC investigations are consistent and efficient.
- Support creation of playbooks for common scenarios (mass external sharing, mass download, suspicious upload, risky OAuth app activity where applicable), including evidence sources and response actions.
- Establish a feedback loop with SOC and Data Security Operations to refine policies based on incident patterns and operational findings.
Cross-Functional Collaboration
- Partner with the Data Security Program Lead to deliver roadmap milestones and ensure stakeholder alignment across IT, Data Engineering, and Security Operations.
- Partner with the Data Security Architect to align DLP policy design to enterprise control patterns and data management standards.
- Coordinate with End User Computing / M365 platform teams and Box administration to deploy controls safely and minimize disruption to business workflows.
Continuous Improvement & Expansion
- Expand DLP coverage over time to additional channels and SaaS applications as prioritized by the Data Security roadmap and DSPM findings.
- Identify automation opportunities for policy deployment, exception handling, and reporting to reduce operational overhead.
- Continuously evaluate product capabilities and recommend improvements to increase protection coverage and reduce data loss risk.
What you will need to succeed...
- 5-7+ years of experience in security engineering, data protection, security operations engineering, or related fields.
- Demonstrated experience implementing enterprise DLP/CASB solutions in complex environments. Hands-on expertise with DLP/CASB technologies (e.g., Microsoft Purview/M365 DLP, Zscaler, Netskope, or comparable platforms).
- Location: We are looking for someone driving distance to our Westbrook, Maine HQ for a flexible hybrid on-site requirement of 8 days per month. Alternatively, we are open to those in NH or ME who can visit our HQ less often.
- Strong understanding of common data exfiltration paths and user behavior patterns across email, collaboration, web, and endpoint channels.
- Ability to implement and tune data classifiers (built-in and custom), including pattern/regex-based detection where needed.
- Experience delivering security controls across collaboration ecosystems (M365 strongly preferred; Box or similar SaaS collaboration platforms).
- Experience integrating detections and alerts into SOC workflows (SIEM, case management, escalation processes).
- Working familiarity with identity and access signals (e.g., Entra ID) that influence DLP policy enforcement and investigation context.
- Familiarity with cloud environments and SaaS security principles (AWS preferred; Azure/GCP familiarity a plus).
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related technical field; or equivalent professional experience.
- Strong ownership mentality with a bias toward action and measurable outcomes.
- Ability to balance security enforcement with user experience to drive adoption and reduce workarounds.
- Strong collaboration skills across security, IT, and engineering teams; effective at influencing without authority.
- Ability to communicate technical control intent, tradeoffs, and operational impacts to technical and non-technical audiences.
If you had any of these experiences, it would be a plus...
- Experience deploying DLP controls across M365 + Box in an enterprise environment.
- Experience implementing DLP alongside data classification and governance programs.
- Experience with endpoint/browser controls and integration with EDR/XDR toolsets.
- Relevant certifications (e.g., CISSP, CCSP, Microsoft Security, vendor-specific DLP/CASB certifications).
What you can expect from us: * Base annual salary target: $110000 - $125000 (yes, we do have flexibility if needed) * Opportunity for annual cash bonus * Health / Dental / Vision Benefits Day-One * 5% matching 401k * Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more! Why IDEXX? We're proud of the work we do, because our work matters. An innovation leader in every industry we serve, we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy, to ensure safe drinking water for billions, and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10,000 talented people.
So, what does that mean for you? We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX, you will be supported by competitive compensation, incentives, and benefits while enjoying purposeful work that drives improvement.
Let's pursue what matters together. IDEXX values a diverse workforce and workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition, or any protected category prohibited by local, state, or federal laws. #LI-EV1
|