DLP & CASB Engineer

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

1. Incident Review & Investigation

• Review, analyze, and validate DLP and CASB alerts escalated by L1 analysts , ensuring accurate triage and risk classification.

• Investigate potential cases of data exfiltration, misuse, or policy violations across multiple channels:

• Email (O365, Exchange Online Protection, Gmail)

• Endpoint (Device Agents, Removable Media)
• Web/Cloud Applications (Box, OneDrive, SharePoint, Google Drive, Salesforce, etc.)
• Correlate events across systems (DLP, CASB, SIEM, and EDR) to identify multi-vector data leakage attempts .
• Escalate confirmed incidents with detailed context, evidence, and recommended containment actions to L3 SMEs or Incident Response teams .
• Participate in Root Cause Analysis (RCA) for confirmed data leakage incidents and propose preventive actions.

2. Policy Management & Tuning

• Collaborate with DLP/CASB SMEs to fine-tune detection rules , thresholds, and patterns to reduce false positives while maintaining high detection fidelity.
• Implement rule and policy changes based on evolving business and regulatory requirements (typically 10–50 changes per month for CASB ).
• Manage policy lifecycle processes , including testing, deployment, rollback, and documentation .
• Contribute to the development of custom detection patterns , data classifiers , and policy templates aligned with organizational data categories (PII, PCI, IP, etc.).
• Maintain synchronization and policy consistency across cloud and endpoint channels .

3. Platform Operations & Maintenance

• Monitor and ensure operational health and performance of DLP and CASB platforms (e.g., Forcepoint, Netskope, Microsoft Defender for Cloud Apps, Symantec, McAfee, or Palo Alto Prisma Access ).
• Validate integration with SIEM and ITSM tools (e.g., ServiceNow , Microsoft Sentinel , Splunk ) for alert ingestion, incident tracking, and reporting.

• Coordinate with OEM vendors and internal platform teams for:

• Product patching and upgrades

• Rule deployment validation
• Performance tuning and incident troubleshooting
• Maintain system hygiene , ensuring agents, connectors, and sensors are active and updated across all endpoints and applications.
• Conduct periodic configuration reviews to validate coverage, data patterns, and rule logic.

4. Governance, Reporting & Compliance

• Maintain comprehensive incident logs , RCA records , and policy change documentation .
• Support creation of monthly dashboards, SLA reports, and KPI summaries related to DLP/CASB operations.
• Participate in governance forums , audit reviews , and client-facing reporting sessions to present performance trends, risk metrics, and improvement plans.
• Ensure data protection configurations align with compliance frameworks (e.g., GDPR, HIPAA, PCI DSS, ISO
• Collaborate with risk and compliance teams to align detection and response strategies with corporate data handling policies .

5. Collaboration & Continuous Improvement

• Work closely with L1 monitoring teams , providing guidance on triage, escalation, and classification best practices.
• Support cross-skilling initiatives and assist in developing and updating SOPs, knowledge base articles, and training materials .
• Participate in threat modelling and data exfiltration use case development to enhance proactive detection and prevention capabilities.
• Identify and recommend automation opportunities for incident enrichment, false-positive suppression, and report generation.

Who You Are

• 6–10 years of hands-on experience in DLP/CASB engineering, administration, or operations .

• Strong technical expertise in at least one enterprise DLP platform :

• Forcepoint DLP

• Symantec DLP
• Microsoft Purview (formerly MIP/DLP)
• McAfee DLP

• Proficiency in CASB technologies , such as:

• Netskope

• Microsoft Defender for Cloud Apps
• McAfee MVISION Cloud
• Palo Alto Prisma Cloud Access Security Broker
• Good understanding of data classification , content inspection , encryption , and endpoint agents .
• Familiarity with SIEM platforms (e.g., Sentinel, Splunk, QRadar) and ITSM workflows (ServiceNow, Jira).
• Experience integrating DLP and CASB with email, endpoint, and SaaS ecosystems .
• Strong analytical, investigation, and documentation skills for incident triage and RCA.
• Working knowledge of network protocols, APIs, and cloud security architecture (SaaS/IaaS/PaaS) .

Being You

Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.

What You Can Expect

With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

Get Referred

If you know someone that works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.