Navsan
Website: navsan.com
Job details:
The Cloud Security Engineer will lead the design, implementation, and ongoing optimisation of Data Loss Prevention (DLP) and data protection controls across the organisation along with other security platforms administered by the Information Security team. The role is responsible for reducing the risk of data leakage, ensuring compliance with regulatory and contractual obligations, and embedding strong data security practices across cloud, endpoint, email, and SaaS platforms.
This is a hands-on technical role with strategic influence, working closely with IT, Legal, Risk, Compliance, and the business.
Roles and Responsibilities
Data Loss Prevention
- Design, implement, and maintain enterprise DLP strategies across endpoints, email, cloud services, and SaaS platforms.
- Configure and tune DLP policies to detect, prevent, and monitor the unauthorised movement of sensitive data (PII, financial data, IP, client data, etc.).
- Lead DLP solution deployments and integrations (using Microsoft Purview DLP & Palo Alto).
- Reduce false positives through continuous policy optimisation and data classification refinement.
- Investigate DLP alerts, perform root cause analysis, and recommend corrective actions.
Data Classification & Governance
- Define and maintain data classification frameworks and labelling standards.
- Partner with data owners to identify critical data assets and appropriate protection levels.
- Align DLP controls with data governance, retention, and privacy requirements (GDPR, ISO 27001, etc.)
Security Engineering & Architecture
- Act as a subject matter expert for data protection within security architecture discussions.
- Ensure DLP controls are embedded into cloud and digital transformation initiatives.
- Collaborate with IAM, endpoint security, SOC, and cloud security teams.
- Contribute to security design reviews and threat modelling exercises.
- Conduct recurring reviews of the existing technology stack, including O365, Mail Security, IdP (Entra ID) & others. Plan & implement improvements based on these reviews.
Incident Response & Monitoring
- Support security incident response activities involving data exposure or leakage.
- Develop playbooks for DLP-related incidents.
- Provide metrics and reporting on data protection risks and trends.
Stakeholder Engagement
- Work with Legal, Compliance, HR, and Risk teams on data protection initiatives.
- Translate technical DLP concepts into business-friendly language.
- Provide guidance and mentoring to junior security engineers.
Technical
- Strong hands-on experience with Data Loss Prevention technologies
- Experience protecting data across endpoints, email, cloud (M365/Azure), BOX, Proofpoint, Palo Alto, and SaaS
- Knowledge of data classification, information protection, and sensitivity labelling
- Understanding of encryption, tokenisation, and secure data handling
- Experience integrating DLP with SIEM/SOC workflows.
- Scripting or automation experience (PowerShell, Python, etc.) is desirable.
Security & Compliance
- Strong understanding of GDPR, data privacy principles, and regulatory compliance
- Familiarity with ISO 27001, NIST, & SOC2 frameworks
- Experience working in regulated or data-sensitive environments.
Desirable Qualifications
- CISSP, CISM, or CCSP
- Microsoft Security certifications (e.g. SC-100, SC-400)
- Cloud security certifications (Azure)
Skill/Knowledge
Desirable Competencies:
- MDM Management Experience
- Specifically, Intune
- Specifically, ManageEngine Endpoint Central
- MDM Policy Management & Deployment
Active Directory, Entra ID & Privileged Access
- Hands-on experience of Active Directory & Entra ID
- Administration of privileged accounts
- Privileged Identity Management
Mail Gateway Experience
- Message Delivery Investigation
- Message flow understanding
- Mail authentication (SPF/DKIM/DMARC)
- Mail Detection optimization (False Positive / False Negative)
- False Negative Delivered Remediation (Malware, Phishing)
- Internal Phishing Program & Training Releases
Endpoint Detection Response Experience
- Specifically, CrowdStrike
- Detection investigation & forensics
- Detection remediation
Networking
- Specifically, Palo Alto
- Specifically, Cloudflare
- Good understanding of firewall policies
- Good understanding of web application firewall policies
- Good understanding of switching & wireless networks
- Understanding of SASE infrastructure
- Creation & management of firewall policies
- Network traffic investigation (threat hunting & user traffic investigation)
Threat Vulnerability
- Hands-on experience running scheduled threat vulnerability scans using Tenable, Rapid7 or similar platforms
- Against internal infrastructure, externally facing infrastructure and web applications
- Hands-on experience of the end-to-end process from detection to remediation of vulnerabilities
- Producing monthly statistics on threat vulnerability (new vulnerabilities, vulnerabilities remediated)
EXPERIENCE:
8 years of security experience in technology.
3-5 years' experience working in a similar role.
Experience troubleshooting systems.
Excellent written and oral communication skills in English.