Senior Data Loss Prevention Engineer

Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications.

As we continue to grow, we’re looking for a skilled Data Loss Prevention Engineer to join our dynamic team and contribute to our mission of transforming business processes through technology.

This is a fantastic opportunity to join an established and well-respected organization offering tremendous career growth potential.

Data Loss Prevention Engineer

Job Title: Data Loss Prevention Engineer

Location: 100% Remote (Continental United States)

Position Type: In-house Bright Vision Technologies SOW engagement (no third-party client or vendor)

Salary: $100K - $150K / Annum

Experience: 7+ years

Sponsorship: No new H1B sponsorship available. H1B transfers welcomed for qualified candidates.

Employment Type: Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party)

Engagement: Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap

Compensation: Competitive base salary commensurate with experience, plus benefits.

Employment Terms & Visa Policy

This is a 100% remote, full-time, direct W2 position with Bright Vision Technologies.

This role is part of Bright Vision Technologies’ in-house Statement of Work (SOW) engagement. The client, end customer, and employer for this position is Bright Vision Technologies — there is no third-party client, vendor, or implementation partner involved.

We do not engage in C2C, 1099, or third-party arrangements for this role.

BUT STRICTLY NO C2C/1099/3RD PARTY COMPANIES. ALL OUR ROLES ARE W2 AND NO 3RD PARTY BROKERING PLEASE.

Candidates must be willing to work directly as a full-time W2 employee of Bright Vision Technologies and contribute to our in-house SOW deliverables.

No new H1B sponsorship is available for this role.

However, candidates who are currently on a valid H1B visa and require a transfer are welcome to apply. We will support H1B transfers for qualified candidates.

For every role, a technical coding assessment is mandatory. Please apply only if you are confident in your technical abilities and hands-on experience.

Job Summary

We are seeking an Data Loss Engineer who has spent years thinking adversarially about how sensitive data moves, leaks, and gets exfiltrated — not just enforcing policies, but understanding every layer of how data can be abused, detected, and protected. If you've built content inspection pipelines, tuned classification policies against real insider threat cases, or reverse-engineered an exfiltration channel that bypassed existing controls, this is the team you want to be on.

As an Information Security Engineer focused on Data Loss Prevention, you'll own the security of Palantir's global data protection program. Your team runs 24/7 prevention, detection, and investigation of data security events across our entire environment. The adversaries we face are sophisticated. We need someone who is more so.

Key Responsibilities

• Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold.

Interested in remote work opportunities in IT & Network Engineering? Discover IT & Network Engineering Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots
• Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls
• Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene
• Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration
• Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence
  
  

Required Qualifications

Data Loss Prevention

• Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data
• Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels
• Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind
• Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies
  
  

Data Security Fundamentals

• Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement
• Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient
• Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure
• Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting
  
  

Detection & Response

• Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures
• Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors
• Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations
  
  

  Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

What We Value

• Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores
• Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft
• Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection
  
  

Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field (or equivalent experience)
• 7+ years of experience in network security engineering, with a meaningful portion in cloud environments
• Hands-on production experience securing at least one of AWS, Azure, or GCP — VPCs/VNets, IAM, security groups/NSGs, cloud firewalls, encryption
• Working proficiency with at least one scripting language (Python, Bash, PowerShell) and willingness to use it daily
• Experience with network security tooling: firewalls, VPNs, IDS/IPS, DLP, encryption
• Strong written and verbal communication skills
  
  

How to Apply

Would you like to know more about this opportunity?

For immediate consideration, please send your resume to venkat.r@bvteck.com or contact us at (908) 505-3899. Learn more about Bright Vision Technologies at www.bvteck.com.

We recognize that our people are our strength, and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company.

We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.

Bright Vision Technologies is an Equal Opportunity Employer, including Disability/Veterans.

Position offered by “No Fee Agency.”

Equal Employment Opportunity (EEO) Statement

Bright Vision Technologies (BV Teck) is committed to equal employment opportunity (EEO) for all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, veteran status, or any other protected status as defined by applicable federal, state, or local laws. This commitment extends to all aspects of employment, including recruitment, hiring, training, compensation, promotion, transfer, leaves of absence, termination, layoffs, and recall.

BV Teck expressly prohibits any form of workplace harassment or discrimination. Any improper interference with employees' ability to perform their job duties may result in disciplinary action up to and including termination of employment.

Powered by JazzHR

ljSz2MpI2V