Apply on Employer Site

Leidos · 15 hours ago

Data Protection Engineer

Tampa, FL

Full-time

Onsite

Mid Level

$70K/yr - $126K/yr

3+ years exp

Leidos is a technology company that specializes in solving high-stakes problems with innovative solutions. They are seeking a Data Protection Engineer to support a critical Zero Trust initiative at U.S. Special Operations Command, focusing on the tactical implementation of data-centric security controls across a hybrid environment.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Microsoft Purview Implementation (NIPR): Configure and deploy Sensitivity Labels, Auto-labeling policies, and Data Loss Prevention (DLP) rules within the Microsoft 365 E5 suite to classify and protect CUI and PII in SharePoint, OneDrive, and Exchange

DRM & Encryption Configuration (SIPR/Top Secret): Implement and manage enterprise Digital Rights Management (DRM) solutions (specifically Virtru or Kiteworks) to enforce encryption-at-rest and attribute-based access control on classified networks

Policy Tuning & Enforcement: Oversee the phased transition of security policies from "Monitoring" mode to "Blocking" mode, analyzing false positives and tuning classifiers (Regex, Keyword Dictionaries, Trainable Classifiers) to minimize mission disruption

Endpoint Protection: Collaborate with the Trellix engineering team to ensure that data tags applied by Purview/DRM tools are correctly recognized and enforced by endpoint DLP agents on workstations

Cross-Domain Support: Assist in the manual "sneaker-net" transfer of policy updates and classification patterns to the air-gapped Top Secret environment, ensuring configuration consistency across all networks

Qualification

Microsoft PurviewDRM/EncryptionData ClassificationTechnical TroubleshootingCompTIA Security+ CETrellix DLPNetApp BlueXPBigIDUSSOCOM ExperienceDoD Data StrategyMicrosoft SC-400Virtru CertificationKiteworks Certification

Required

Active Top-Secret clearance with SCI eligibility (TS/SCI)

Bachelor of Science (BS) degree in Systems Engineering, Computer Science, Cybersecurity, Electrical Engineering, or a related technical field

Significant (3+ years) hands-on experience configuring Microsoft Information Protection (MIP), Sensitivity Labels, and DLP policies in a large enterprise or DoD environment

Proven experience implementing and managing enterprise encryption and Rights Management tools such as Virtru, Kiteworks, or Seclore, particularly in on-premise or hybrid configurations

Strong understanding of data classification methodologies, including the creation of custom sensitive info types (SITs) using Regex and Exact Data Match (EDM)

Ability to diagnose and resolve complex issues related to encryption key management, policy propagation, and agent conflicts

CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements