Who We Are
At Kyndryl, we run and reimagine the mission-critical technology systems that drive advantage for the world’s leading businesses. We are at the heart of progress; with proven expertise and a continuous flow of AI-powered insight, enabling smarter decisions, faster innovation, and a lasting competitive edge. For our people—Kyndryls—that means doing purposeful work that powers human progress. Join us and experience a flexible, supportive environment where your well-being is prioritized and your potential can thrive.
The Role
1. Incident Review & Investigation
Review, analyze, and validate DLP and CASB alerts escalated by L1 analysts, ensuring accurate triage and risk classification.
Investigate potential cases of data exfiltration, misuse, or policy violations across multiple channels:
Email (O365, Exchange Online Protection, Gmail)
Endpoint (Device Agents, Removable Media)
Web/Cloud Applications (Box, OneDrive, SharePoint, Google Drive, Salesforce, etc.)
Correlate events across systems (DLP, CASB, SIEM, and EDR) to identify multi-vector data leakage attempts.
Escalate confirmed incidents with detailed context, evidence, and recommended containment actions to L3 SMEs or Incident Response teams.
Participate in Root Cause Analysis (RCA) for confirmed data leakage incidents and propose preventive actions.
2. Policy Management & Tuning
Collaborate with DLP/CASB SMEs to fine-tune detection rules, thresholds, and patterns to reduce false positives while maintaining high detection fidelity.
Implement rule and policy changes based on evolving business and regulatory requirements (typically 10–50 changes per month for CASB).
Manage policy lifecycle processes, including testing, deployment, rollback, and documentation.
Contribute to the development of custom detection patterns, data classifiers, and policy templates aligned with organizational data categories (PII, PCI, IP, etc.).
Maintain synchronization and policy consistency across cloud and endpoint channels.
3. Platform Operations & Maintenance
Monitor and ensure operational health and performance of DLP and CASB platforms (e.g., Forcepoint, Netskope, Microsoft Defender for Cloud Apps, Symantec, McAfee, or Palo Alto Prisma Access).
Validate integration with SIEM and ITSM tools (e.g., ServiceNow, Microsoft Sentinel, Splunk) for alert ingestion, incident tracking, and reporting.
Coordinate with OEM vendors and internal platform teams for:
Product patching and upgrades
Rule deployment validation
Performance tuning and incident troubleshooting
Maintain system hygiene, ensuring agents, connectors, and sensors are active and updated across all endpoints and applications.
Conduct periodic configuration reviews to validate coverage, data patterns, and rule logic.
4. Governance, Reporting & Compliance
Maintain comprehensive incident logs, RCA records, and policy change documentation.
Support creation of monthly dashboards, SLA reports, and KPI summaries related to DLP/CASB operations.
Participate in governance forums, audit reviews, and client-facing reporting sessions to present performance trends, risk metrics, and improvement plans.
Ensure data protection configurations align with compliance frameworks (e.g., GDPR, HIPAA, PCI DSS, ISO 27001).
Collaborate with risk and compliance teams to align detection and response strategies with corporate data handling policies.
5. Collaboration & Continuous Improvement
Work closely with L1 monitoring teams, providing guidance on triage, escalation, and classification best practices.
Support cross-skilling initiatives and assist in developing and updating SOPs, knowledge base articles, and training materials.
Participate in threat modelling and data exfiltration use case development to enhance proactive detection and prevention capabilities.
Identify and recommend automation opportunities for incident enrichment, false-positive suppression, and report generation.
Who You Are
6–10 years of hands-on experience in DLP/CASB engineering, administration, or operations.
Strong technical expertise in at least one enterprise DLP platform:
Forcepoint DLP
Symantec DLP
Microsoft Purview (formerly MIP/DLP)
McAfee DLP
Proficiency in CASB technologies, such as:
Netskope
Microsoft Defender for Cloud Apps
McAfee MVISION Cloud
Palo Alto Prisma Cloud Access Security Broker
Good understanding of data classification, content inspection, encryption, and endpoint agents.
Familiarity with SIEM platforms (e.g., Sentinel, Splunk, QRadar) and ITSM workflows (ServiceNow, Jira).
Experience integrating DLP and CASB with email, endpoint, and SaaS ecosystems.
Strong analytical, investigation, and documentation skills for incident triage and RCA.
Working knowledge of network protocols, APIs, and cloud security architecture (SaaS/IaaS/PaaS).
Being You
The “Kyn” in Kyndryl means kinship, which represents the strong bonds we have with each other, our customers and our communities. We focus on ensuring all Kyndryls feel included and we welcome people of all cultures, backgrounds, and experiences. Even if you don’t meet every requirement, we encourage you to apply. We believe in growth, and we’re excited to see what you can bring. At Kyndryl, employee feedback has told us that our number one driver of employee engagement is belonging. That sense of belonging — being a valued, respected, trusted member of the team — is fundamental to our culture and fueling great experiences for our customers. This dedication to welcoming everyone into our company means that Kyndryl gives you the ability to thrive and contribute to our culture of empathy and shared success. That’s The Kyndryl Way.
What You Can Expect
Your career with us isn’t just a job—it’s an adventure with purpose. We offer a dynamic, hybrid-friendly culture that supports your well-being and empowers you to grow. Our Be Well programs are thoughtfully designed to support your financial, mental, physical, and social health—because we know that when you feel your best, you do your best.
From your very first day, you’ll dive into impactful work that powers the systems our customers rely on every day. You won’t just contribute—you’ll make a difference, tackling meaningful projects that sharpen your skills and fuel your growth.
We’re here to champion your journey. With powerful tools to chart your career path, personalized development goals aligned with your ambitions, and continuous feedback to keep you inspired and on track, you’ll have everything you need to thrive and evolve. You’ll develop in-demand skills to grow your career and achieve your ambitions with access to cutting-edge learning opportunities—from certifications with Microsoft, Google, and Amazon to coaching and hands-on experiences. And through it all, you’ll be part of a culture that values empathy, restless learning, and a devotion to shared success.
We want you to thrive here—and we’re committed to helping you do just that. Ready to make an impact? Join us and help shape what’s next.
Get Referred!
If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.