Data Protection Engineer

Summary

Join ServiceNow as a Staff Data Protection Engineer to lead and mature Data Loss Prevention (DLP) and UEBA detection capabilities. You will be the expert in building, optimizing, and tuning DLP rulesets to accurately detect risky data movement and insider threats. This role involves end-to-end ownership of Insider Risk Management projects and developing high-fidelity detections. Collaboration with Legal, Privacy, and Business Units is crucial for mapping data classifications to DLP policies. You will also work with Incident Response and Threat Hunting teams to improve alert triage workflows. The position requires expertise in DLP rule creation, tuning, and validation across various platforms.

Requirements

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry
• 9+ years in Security Engineering, Data Protection, or Threat Detection roles
• Expert-level experience with DLP rule creation, tuning, and validation
• Familiarity with email, endpoint, and cloud data flows
• Ability to balance detection fidelity and business usability
• Strong written skills for documenting rule behavior, assumptions, and tuning decisions
• Familiarity with using Honey Tokens

Responsibilities

• Design, build, and fine-tune DLP/UEBA rules and policies across various platforms (e.g., Microsoft Purview, Zscaler, CoSoSys , BigID etc.)
• End to End ownership of projects related to Insider Risk Management
• Develop high-fidelity detections for use cases
• Lead coverage gap analysis and continuously expand detection logic to new threat scenarios or business data types
• Partner with Legal, Privacy, and Business Units to map data classifications to DLP policies
• Work with Incident Response and Threat Hunting teams to improve alert triage workflows and reduce false positives
• Collaborate with engineering teams to enable test environments and simulate DLP scenarios for validation
• Produce documentation around policy design rationale, tuning decisions, rule changes, and test results