Posted June 23, 2026

Insider Risk & Data Protection Engineer

Peraton
Home, VA Full Time
Reference: Peraton167925

Responsibilities

Peraton is seeking an Insider Risk & Data Protection Engineer to join the Insider Risk and Data Protection (IR/DLP) Team within Corporate Security Compliance & Risk. This is an individual contributor role focused on the day-to-day technical execution of the enterprise Data Loss Prevention (DLP) program, digital activity reviews, and response to data spills and compromises involving Controlled Unclassified Information (CUI) and other sensitive data.

The analyst will work closely with the IR/DLP team, Cybersecurity, Legal, HR, Privacy, and program security stakeholders to detect, investigate, and remediate insider risk and data protection events. Ideal candidates are technically hands-on, detail-oriented, exercise strong discretion, and are comfortable operating defensible investigative processes in a regulated government-contracting environment.

DLP Administration & Program Expansion

  • Administer, tune, and expand coverage of the enterprise DLP platform(s) across endpoint, email, network, cloud, and SaaS channels.
  • Build, test, and refine DLP policies, rules, classifications, and detection use cases aligned to insider risk scenarios and regulatory drivers (CUI, DFARS, ITAR/EAR, PII, IP).
  • Triage DLP alerts, reduce false positives, and continuously improve alert fidelity and analyst workflow.
  • Support onboarding of new data sources, business units, and telemetry feeds into the DLP and user activity monitoring stack.
  • Document standard operating procedures, runbooks, and configuration baselines for the DLP program.

Digital Activity Reviews

  • Conduct digital activity reviews of user behavior, data movement, and endpoint activity in support of insider risk inquiries, HR referrals, Legal holds, and management-requested reviews.
  • Correlate activity across DLP, EDR, SIEM, identity, email, and cloud audit logs to build clear, fact-based timelines.
  • Produce concise written findings appropriate for HR, Legal, and security leadership audiences.
  • Maintain defensible documentation, chain-of-custody, and evidence-handling practices throughout each review.

Data Spill & Compromise Response (CUI / DFARS 252.204-7012)

  • Serve as a primary responder for data spills and suspected compromises involving CUI, export-controlled, proprietary, or other sensitive data.
  • Execute containment, eradication, and sanitization actions in accordance with DFARS 252.204-7012, NIST SP 800-171, and Peraton internal incident response procedures.
  • Coordinate notifications and reporting obligations (e.g., DoD Cyber Crime Center / DC3 reporting timelines, customer notifications) with Legal, Contracts, Program Security, and the CSOC.
  • Maintain incident records, lessons-learned, and after-action reporting; recommend control improvements to prevent recurrence.

Collaboration & Continuous Improvement

  • Partner with the CSOC, IT Operations, Privacy, Legal, HR, and Program Security on cross-functional investigations and response actions.
  • Contribute to development of insider risk policies, standards, awareness content, and training.
  • Support data analytics, automation, and scripting initiatives that improve investigative efficiency and metrics.
  • Provide periodic reporting on DLP, digital activity review, and data spill metrics to IRDP leadership.
  • Carry periodic on-call responsibilities in support of after-hours data spill and insider risk events.

Qualifications

  • 8+ years of relevant experience with a Bachelor's degree in Cybersecurity, Information Systems, Intelligence, Criminal Justice, or related field.
  • 12+ years of relevant experience may be considered in lieu of degree.
  • Minimum 5 years of combined experience across DLP administration, insider risk / user activity monitoring, digital forensics, or cybersecurity incident response.
  • Minimum 3 years hands-on experience administering an enterprise DLP platform (e.g., Microsoft Purview, Symantec/Broadcom DLP, Forcepoint, Zscaler, Netskope, or equivalent), including policy authoring and tuning.
  • Demonstrated experience conducting digital activity reviews or insider-risk investigations, including correlating data across endpoint, email, network, and cloud sources.
  • Working knowledge of CUI handling requirements, DFARS 252.204-7012, and NIST SP 800-171.
  • Basic proficiency with at least one scripting language (Python, PowerShell, KQL, SPL, or equivalent) for log analysis, automation, or data wrangling.
  • Strong written and verbal communication skills, including the ability to translate technical findings into clear, audience-appropriate narratives for HR, Legal, and leadership.
  • Strong attention to detail, sound judgment, discretion, and professional demeanor when handling sensitive matters.
  • US Citizenship required.
  • Ability to obtain a Top Secret security clearance.
  • Ability to attend in-person meetings on occasion in Reston, VA.

Preferred Qualifications

  • Experience supporting cybersecurity operations within a government contractor, DoD, or other regulated environment.
  • Hands-on experience with EDR (e.g., CrowdStrike, Defender for Endpoint, SentinelOne) and SIEM (e.g., Splunk, Sentinel) for investigative workflows.
  • Experience with insider risk platforms or UAM tools (e.g., Microsoft Purview Insider Risk Management, DTEX, Proofpoint ITM, Everfox/Forcepoint Insider Threat).
  • Familiarity with digital forensics fundamentals (disk, memory, network, and cloud artifacts) and chain-of-custody practices.
  • Experience reporting cyber incidents to DC3/DCISE or supporting customer cyber incident notifications.
  • Relevant certifications such as GCFE, GCFA, GCIH, GCIA, CFE, CCFP, CISSP, CISM, or vendor-specific DLP/EDR certifications.

Key Success Traits

  • Technically curious and operationally pragmatic — comfortable both tuning a policy and writing up an investigation.
  • Strong judgment and discretion when handling sensitive personnel and data matters.
  • Collaborative; works well across Cyber, Legal, HR, Privacy, and Program Security.
  • Calm and methodical under time pressure, particularly during data spill response.
  • Comfortable operating in ambiguous or evolving environments.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
