Specialist

Job Description: L3 Data and cloud Security specialist – PKI, DLP, CASB, Security Awareness

As a L3 Data Security Engineer with expertise in Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), and Security Awareness programs.

• PKI (ADCS, Venafi, DigiCert): Administer and troubleshoot enterprise PKI infrastructure including Microsoft ADCS. Manage certificate lifecycle: issuance, renewal, revocation, and CRL/OCSP validation. Integrate Venafi for certificate automation and orchestration across multi-cloud/hybrid environments. Manage external SSL/TLS certificates with DigiCert, including domain validation and SAN/Wildcard certs. Perform PKI health checks, vulnerability remediation, and root/intermediate CA maintenance. Define and implement certificate governance and key management best practices.
• Data Loss Prevention (DLP) – Microsoft Purview, Trellix, Netskope: Design, implement, and fine-tune DLP policies across endpoint, email, and cloud channels. Manage Microsoft Purview DLP including sensitive information types, EDMs, and trainable classifiers. Operate Trellix (McAfee) and Netskope DLP for endpoint and policy enforcement. Lead false positive tuning, incident analysis, and cross-platform correlation.
• Cloud Access Security Broker (CASB) – Defender for Cloud Apps, Netskope: Deploy, manage, and optimize Microsoft Defender for Cloud Apps (MDCA) for SaaS discovery, OAuth app governance, and conditional access enforcement. Operate Netskope CASB for inline and API mode enforcement. Implement shadow IT discovery, sanctioned app policies, and anomaly detection.
• Security Awareness & Compliance: Administer and manage Phishing Simulation and Security Awareness Training using ZenGuide (PSAT) and Mimecast platforms. Design and execute quarterly training programs and phishing campaigns to evaluate and improve user security behavior. Analyze campaign outcomes and prepare monthly and quarterly reports on user behavior trends, risk scoring, and training effectiveness for customer stakeholders.

Lead and mentor L1/L2 teams, providing guidance, technical escalation support, and task prioritization. Ensure 24x7 operational coverage for shared services customers by managing rosters, delegations, and escalations. Collaborate with management to plan skill development, cross-skilling, and performance improvements. Drive process improvements and automation to enhance efficiency.

• Strong expertise in PKI lifecycle management, CA hierarchy, and certificate automation.
• In-depth knowledge of DLP architecture (endpoint, network, cloud) and policy tuning.
• Hands-on experience with CASB solutions (MDCA, Netskope) and cloud security governance.
• Proven ability to analyze incidents, troubleshoot complex integrations, and optimize policies.
• Scripting and automation skills using PowerShell, Python, or API integrations for repetitive tasks.
• Understanding of compliance frameworks (ISO 27001, GDPR, HIPAA, PCI-DSS).

8+ years of experience in data security. Hands-on expertise in ADCS, Venafi, DigiCert, Purview DLP, Trellix DLP, Netskope DLP/CASB, and MDCA. Certifications preferred MCSE, SC-200, Trellix DLP, Netskope Certified Cloud Security Administrator (NCCSA), CompTIA Security+.