Included Health

Access. Answers. Advocacy. We're raising the standard of healthcare for everyone.

Senior Security Operations Engineer

Full Time | Remote | Team size 1,001-5,000

Location

United States

Posted

5 days ago

Salary

$138.4K - $254.1K / year

Bachelor Degree | 5 yrs exp | English | AWS | Cloud | Python | Splunk | SQL

Job Description

  • Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling.
  • Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data.
  • Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements.
  • Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond.
  • Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals.
  • Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data-handling patterns and exception processes.
  • Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication.
  • Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross-functional partners.

Job Requirements

  • Minimum 5+ years of hands-on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP.
  • Direct, hands-on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment.
  • Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls.
  • Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel).
  • Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale.
  • Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data-focused incidents.
  • Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling.
  • Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types.

Benefits

  • Remote-first culture
  • 401(k) savings plan through Fidelity
  • Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
  • Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
  • Generous Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
  • 12 weeks of 100% Paid Parental leave
  • Up to $25,000 Fertility and Family Building Benefit
  • Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
  • 11 Holidays Paid with one Floating Paid Holiday
  • Work-From-Home reimbursement to support team collaboration and effective home office work
  • 24 hours of Paid Volunteer Time Off ("VTO") Per Year to Volunteer with Charitable Organizations
