DLP (Data Loss Prevention) Platform Engineer
Westbrook, ME - USA
Job Summary
The DLP Platform Engineer is responsible for designing implementing and maturing enterprise Data Loss Prevention (DLP) and CASB controls across IDEXXs collaboration and user platforms including M365 Box and endpoint/web exfiltration channels. This role ensures that DLP controls are deployed correctly integrated across systems and tuned for effectiveness and usability at scale enabling measurable reduction in data loss and oversharing risk.
This is a hands-on engineering leadership role focused on the how of DLP capability delivery and control effectivenessworking closely with the Data Security Program Lead Data Security Architect Cyber Defense/SOC and IT platform teams.
In this role you will be responsible for
DLP / CASB Platform Implementation
- Lead engineering for end-to-end implementation of the CASB/DLP solution across M365 (Exchange SharePoint OneDrive Teams) and Box (internal/external collaboration) including phased rollout and deployment readiness.
- Establish a policy lifecycle and deployment approach (e.g. detect educate/warn block) aligned to business risk and adoption goals.
- Implement core detection models for IDEXX-relevant data types (e.g. regulated data customer data financial data IP) using built-in and custom classifiers/regex as appropriate.
- Define and implement channel coverage for exfiltration paths (email cloud sharing web upload removable media where applicable) in coordination with endpoint and browser controls.
Policy Design Tuning & Effectiveness
- Translate data classification and handling requirements into high-confidence DLP policies that are actionable and enforceable across platforms.
- Continuously tune policies to improve signal quality (reduce false positives increase true positives) and minimize user friction.
- Establish metrics and dashboards for control performance (alert volume false positive rate high-confidence detections and trend-based risk reduction).
- Partner with stakeholders to implement user-facing controls (coaching justification prompts approvals) before enabling block actions broadly.
Integration & Operationalization with the SOC
- Integrate DLP alerts and telemetry into the SOC toolchain (SIEM/Case management) to enable triage investigation and escalation workflows.
- Develop and maintain DLP-related detection logic routing and severity models so SOC investigations are consistent and efficient.
- Support creation of playbooks for common scenarios (mass external sharing mass download suspicious upload risky OAuth app activity where applicable) including evidence sources and response actions.
- Establish a feedback loop with SOC and Data Security Operations to refine policies based on incident patterns and operational findings.
Cross-Functional Collaboration
- Partner with the Data Security Program Lead to deliver roadmap milestones and ensure stakeholder alignment across IT Data Engineering and Security Operations.
- Partner with the Data Security Architect to align DLP policy design to enterprise control patterns and data management standards.
- Coordinate with End User Computing / M365 platform teams and Box administration to deploy controls safely and minimize disruption to business workflows.
Continuous Improvement & Expansion
- Expand DLP coverage over time to additional channels and SaaS applications as prioritized by the Data Security roadmap and DSPM findings.
- Identify automation opportunities for policy deployment exception handling and reporting to reduce operational overhead.
- Continuously evaluate product capabilities and recommend improvements to increase protection coverage and reduce data loss risk.
What you will need to succeed...
- 5-7 years of experience in security engineering data protection security operations engineering or related fields.
- Demonstrated experience implementing enterprise DLP/CASB solutions in complex environments. Hands-on expertise with DLP/CASB technologies (e.g. Microsoft Purview/M365 DLP Zscaler Netskope or comparable platforms).
- Location: We are looking for someone driving distance to our Westbrook Maine HQ for a flexible hybrid on-site requirement of 8 days per month. Alternatively we are open to those in NH or ME who can visit our HQ less often.
- Strong understanding of common data exfiltration paths and user behavior patterns across email collaboration web and endpoint channels.
- Ability to implement and tune data classifiers (built-in and custom) including pattern/regex-based detection where needed.
- Experience delivering security controls across collaboration ecosystems (M365 strongly preferred; Box or similar SaaS collaboration platforms).
- Experience integrating detections and alerts into SOC workflows (SIEM case management escalation processes).
- Working familiarity with identity and access signals (e.g. Entra ID) that influence DLP policy enforcement and investigation context.
- Familiarity with cloud environments and SaaS security principles (AWS preferred; Azure/GCP familiarity a plus).
- Bachelors degree in Computer Science Cybersecurity Engineering or related technical field; or equivalent professional experience.
- Strong ownership mentality with a bias toward action and measurable outcomes.
- Ability to balance security enforcement with user experience to drive adoption and reduce workarounds.
- Strong collaboration skills across security IT and engineering teams; effective at influencing without authority.
- Ability to communicate technical control intent tradeoffs and operational impacts to technical and non-technical audiences.
If you had any of these experiences it would be a plus...
- Experience deploying DLP controls across M365 Box in an enterprise environment.
- Experience implementing DLP alongside data classification and governance programs.
- Experience with endpoint/browser controls and integration with EDR/XDR toolsets.
- Relevant certifications (e.g. CISSP CCSP Microsoft Security vendor-specific DLP/CASB certifications).
What you can expect from us:
Base annual salary target: $110000 - $125000 (yes we do have flexibility if needed)
Opportunity for annual cash bonus
Health / Dental / Vision Benefits Day-One
5% matching 401k
Additional benefits including but not limited to financial support pet insurance mental health resources volunteer paid days off employee stock program foundation donation matching and much more!
Why IDEXX
Were proud of the work we do because our work matters. An innovation leader in every industry we serve we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy to ensure safe drinking water for billions and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10000 talented people.
So what does that mean for you We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX you will be supported by competitive compensation incentives and benefits while enjoying purposeful work that drives improvement.
Lets pursue what matters together.
IDEXX values a diverse workforce and workplace and strongly encourages women people of color LGBTQ individuals people with disabilities members of ethnic minorities foreign-born residents and veterans to apply.
IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race color creed sex sexual orientation gender identity or expression age religion national origin citizenship status disability ancestry marital status veteran status medical condition or any protected category prohibited by local state or federal laws.
#LI-EV1
Required Experience:
IC