**Who We Are** At Kyndryl, we run and reimagine the mission-critical technology systems that drive advantage for the world’s leading businesses. We are at the heart of progress; with proven expertise and a continuous flow of AI-powered insight, enabling smarter decisions, faster innovation, and a lasting competitive edge. For our people—Kyndryls—that means doing purposeful work that powers human progress. Join us and experience a flexible, supportive environment where your well-being is prioritized and your potential can thrive. **The Role** **Key Responsibilities** **1. Incident Review & Investigation** + Review, analyze, and validate **DLP and CASB alerts** escalated by **L1 analysts** , ensuring accurate triage and risk classification. + Investigate potential cases of **data exfiltration, misuse, or policy violations** across multiple channels: + **Email (O365, Exchange Online Protection, Gmail)** + **Endpoint (Device Agents, Removable Media)** + **Web/Cloud Applications (Box, OneDrive, SharePoint, Google Drive, Salesforce, etc.)** + Correlate events across systems (DLP, CASB, SIEM, and EDR) to identify **multi-vector data leakage attempts** . + Escalate **confirmed incidents** with detailed context, evidence, and recommended containment actions to **L3 SMEs or Incident Response teams** . + Participate in **Root Cause Analysis (RCA)** for confirmed data leakage incidents and propose preventive actions. **2. Policy Management & Tuning** + Collaborate with **DLP/CASB SMEs** to **fine-tune detection rules** , thresholds, and patterns to reduce **false positives** while maintaining high detection fidelity. + Implement **rule and policy changes** based on evolving business and regulatory requirements (typically **10–50 changes per month for CASB** ). + Manage **policy lifecycle processes** , including **testing, deployment, rollback, and documentation** . + Contribute to the **development of custom detection patterns** , **data classifiers** , and **policy templates** aligned with organizational data categories (PII, PCI, IP, etc.). + Maintain synchronization and policy consistency across **cloud and endpoint channels** . **3. Platform Operations & Maintenance** + Monitor and ensure **operational health and performance** of DLP and CASB platforms (e.g., **Forcepoint, Netskope, Microsoft Defender for Cloud Apps, Symantec, McAfee, or Palo Alto Prisma Access** ). + Validate **integration with SIEM and ITSM tools** (e.g., **ServiceNow** , **Microsoft Sentinel** , **Splunk** ) for alert ingestion, incident tracking, and reporting. + Coordinate with **OEM vendors and internal platform teams** for: + Product patching and upgrades + Rule deployment validation + Performance tuning and incident troubleshooting + Maintain **system hygiene** , ensuring agents, connectors, and sensors are active and updated across all endpoints and applications. + Conduct **periodic configuration reviews** to validate coverage, data patterns, and rule logic. **4. Governance, Reporting & Compliance** + Maintain comprehensive **incident logs** , **RCA records** , and **policy change documentation** . + Support creation of **monthly dashboards, SLA reports, and KPI summaries** related to DLP/CASB operations. + Participate in **governance forums** , **audit reviews** , and **client-facing reporting sessions** to present performance trends, risk metrics, and improvement plans. + Ensure **data protection configurations** align with **compliance frameworks** (e.g., GDPR, HIPAA, PCI DSS, ISO 27001). + Collaborate with risk and compliance teams to align detection and response strategies with **corporate data handling policies** . **5. Collaboration & Continuous Improvement** + Work closely with **L1 monitoring teams** , providing guidance on triage, escalation, and classification best practices. + Support **cross-skilling initiatives** and assist in developing and updating **SOPs, knowledge base articles, and training materials** . + Participate in **threat modelling** and **data exfiltration use case development** to enhance proactive detection and prevention capabilities. + Identify and recommend **automation opportunities** for incident enrichment, false-positive suppression, and report generation. **Who You Are** **Required Skills & Experience** + **6–10 years** of hands-on experience in **DLP/CASB engineering, administration, or operations** . + Strong technical expertise in **at least one enterprise DLP platform** : + **Forcepoint DLP** + **Symantec DLP** + **Microsoft Purview (formerly MIP/DLP)** + **McAfee DLP** + Proficiency in **CASB technologies** , such as: + **Netskope** + **Microsoft Defender for Cloud Apps** + **McAfee MVISION Cloud** + **Palo Alto Prisma Cloud Access Security Broker** + Good understanding of **data classification** , **content inspection** , **encryption** , and **endpoint agents** . + Familiarity with **SIEM platforms** (e.g., Sentinel, Splunk, QRadar) and **ITSM workflows** (ServiceNow, Jira). + Experience integrating **DLP and CASB with email, endpoint, and SaaS ecosystems** . + Strong analytical, investigation, and documentation skills for incident triage and RCA. + Working knowledge of **network protocols, APIs, and cloud security architecture (SaaS/IaaS/PaaS)** . **Being You** The “Kyn” in Kyndryl means kinship, which represents the strong bonds we have with each other, our customers and our communities. We focus on ensuring all Kyndryls feel included and we welcome people of all cultures, backgrounds, and experiences. Even if you don’t meet every requirement, we encourage you to apply. We believe in growth, and we’re excited to see what you can bring. At Kyndryl, employee feedback has told us that our number one driver of employee engagement is belonging. That sense of belonging — being a valued, respected, trusted member of the team — is fundamental to our culture and fueling great experiences for our customers. This dedication to welcoming everyone into our company means that Kyndryl gives you the ability to thrive and contribute to our culture of empathy and shared success. That’s The Kyndryl Way. **What You Can Expect** Your career with us isn’t just a job—it’s an adventure with purpose. We offer a dynamic, hybrid-friendly culture that supports your well-being and empowers you to grow. Our Be Well programs are thoughtfully designed to support your financial, mental, physical, and social health—because we know that when you feel your best, you do your best. From your very first day, you’ll dive into impactful work that powers the systems our customers rely on every day. You won’t just contribute—you’ll make a difference, tackling meaningful projects that sharpen your skills and fuel your growth. We’re here to champion your journey. With powerful tools to chart your career path, personalized development goals aligned with your ambitions, and continuous feedback to keep you inspired and on track, you’ll have everything you need to thrive and evolve. You’ll develop in-demand skills to grow your career and achieve your ambitions with access to cutting-edge learning opportunities—from certifications with Microsoft, Google, and Amazon to coaching and hands-on experiences. And through it all, you’ll be part of a culture that values empathy, restless learning, and a devotion to shared success. We want you to thrive here—and we’re committed to helping you do just that. Ready to make an impact? Join us and help shape what’s next. **Get Referred!** If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address. Kyndryl is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. Kyndryl is also committed to compliance with all fair employment practices regarding citizenship and immigration status.