
The Senior Security Analyst-SOC is responsible for the end-to-end management of Data Loss Prevention (DLP) operations across the enterprise. This role focuses on investigating DLP alerts generated across cloud, email, endpoint, OT, and removable media channels, handling DLP incidents from detection through remediation, and ensuring that data security policies are effectively enforced. The analyst serves as the technical escalation point for L1 and collaborates closely with the Security Operations Center, Incident Response, and Compliance teams to protect sensitive organizational data from unauthorized access, leakage, or exfiltration.
The ideal candidate brings deep hands-on expertise with industry-leading DLP platforms and demonstrates the ability to independently manage the full DLP lifecycle from policy creation and tuning to alert investigation, incident response, and stakeholder reporting with minimal supervision.
Key Responsibilities:
● Monitor and investigate DLP alerts across cloud, email, endpoint, OT, and USB/removable media channels on a day-to-day basis.
● Perform end-to-end DLP incident handling: triage, investigation, root cause analysis, containment, remediation, and closure.
● Classify incidents by severity and data sensitivity, and escalate critical incidents to stakeholders or management per defined SLAs.
● Correlate DLP findings with identity, endpoint, and cloud telemetry to establish full incident context and impact.
● Maintain accurate, detailed documentation of investigations, timelines, and remediation actions.
● Prepare regular DLP operational reports covering alert volumes, incident trends, false positive rates, and policy effectiveness
● Participate in post-incident reviews and contribute to lessons-learned and improvement initiatives
● Design, create, and refine DLP policies covering cloud (CASB), email, endpoint, and OT/industrial environments.
● Tune existing DLP policies to reduce false positives, improve detection accuracy, and align with evolving business requirements
● Maintain and update DLP dictionaries, regular expressions, sensitive data identifiers, and classification rules.
● Monitor DLP platform health, connector status, and policy deployment, and troubleshoot tool-related issues.
Required Qualifications:
● 4 to 6 years of hands-on experience in Data Loss Prevention, Data Security, or a related cybersecurity operations role.
● Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent practical experience)
● Proven experience with DLP alert investigation, incident response and remediation, and policy creation and tuning.
● Hands-on experience with one or more DLP platforms: Netskope, Microsoft Purview, Forcepoint DLP, Palo Alto Networks
● Experience with SIEM platforms (Sentinel, Splunk, QRadar) for correlating DLP events with broader security telemetry.
● Relevant Certifications: CySA+, CCSP, CEH, GCIA, GCIH
● Any vendor-specific DLP certifications (Netskope, Forcepoint, Varonis, Palo Alto)
Core Competencies:
● Deep understanding of cloud, email, endpoint, OT, and removable media DLP mechanisms, detection logic, and coverage gaps.
● Ability to independently create, tune, maintain, and govern DLP policies aligned to regulatory and business requirements
● Experience driving DLP incidents end-to-end: from initial detection through containment, user engagement, and formal closure
● Solid grasp of data classification tiers, sensitive data types (PII, PCI, PHI, IP), and their handling obligations
● Ability to correlate data signals across multiple tools and telemetry sources to reconstruct incident timelines and identify root cause
● Effective communication skills for technical and non-technical stakeholders
● Ability to work in a 24x7 rotational shift environment
Job ID: 148091639