The Cloud Security Engineer will lead the design, implementation, and ongoing optimisation of Data Loss Prevention (DLP) and data protection controls across the organisation, along with other security platforms administered by the Information Security team. The role is responsible for reducing the risk of data leakage, ensuring compliance with regulatory and contractual obligations, and embedding strong data security practices across cloud, endpoint, email, and SaaS platforms. This is a hands-on technical role with strategic influence, working closely with IT, Legal, Risk, Compliance, and the business.

Roles and Responsibilities

Data Loss Prevention
- Design, implement, and maintain enterprise DLP strategies across endpoints, email, cloud services, and SaaS platforms.
- Configure and tune DLP policies to detect, prevent, and monitor the unauthorised movement of sensitive data (PII, financial data, IP, client data, etc.).
- Lead DLP solution deployments and integrations (using Microsoft Purview DLP & Palo Alto).
- Reduce false positives through continuous policy optimisation and data classification refinement.
- Investigate DLP alerts, perform root cause analysis, and recommend corrective actions.

Data Classification & Governance
- Define and maintain data classification frameworks and labelling standards.
- Partner with data owners to identify critical data assets and appropriate protection levels.
- Align DLP controls with data governance, retention, and privacy requirements (GDPR, ISO 27001, etc.).

Security Engineering & Architecture
- Act as a subject matter expert for data protection within security architecture discussions.
- Ensure DLP controls are embedded into cloud and digital transformation initiatives.
- Collaborate with IAM, endpoint security, SOC, and cloud security teams.
- Contribute to security design reviews and threat modelling exercises.
- Recurring reviews of existing technology stack including O365, Mail Security, IDP (Entra ID) & others.
- Plan & implement improvements based on reviews.

Incident Response & Monitoring
- Support security incident response activities involving data exposure or leakage.
- Develop playbooks for DLP-related incidents.
- Provide metrics and reporting on data protection risks and trends.

Stakeholder Engagement
- Work with Legal, Compliance, HR, and Risk teams on data protection initiatives.
- Translate technical DLP concepts into business-friendly language.
- Provide guidance and mentoring to junior security engineers.

Technical
- Strong hands-on experience with Data Loss Prevention technologies.
- Experience protecting data across endpoints, email, cloud (M365/Azure), BOX, Proofpoint, Palo Alto, and SaaS.
- Knowledge of data classification, information protection, and sensitivity labelling.
- Understanding of encryption, tokenisation, and secure data handling.
- Experience integrating DLP with SIEM/SOC workflows.
- Scripting or automation experience (PowerShell, Python, etc.) is desirable.

Security & Compliance
- Strong understanding of GDPR, data privacy principles, and regulatory compliance.
- Familiarity with ISO 27001, NIST, & SOC2 frameworks.
- Experience working in regulated or data-sensitive environments.

Desirable Qualifications
- CISSP, CISM, or CCSP
- Microsoft Security certifications (e.g. SC-100, SC-400)
- Cloud security certifications (Azure)

Skill/Knowledge

Desirable Competencies:

MDM Management Experience
- Specifically, Intune
- Specifically, ManageEngine Endpoint Central
- MDM Policy Management & Deployment

Active Directory, Entra ID & Privileged Access
- Hands-on experience of Active Directory & Entra ID
- Administration of privileged accounts
- Privileged Identity Management

Mail Gateway Experience
- Message Delivery Investigation
- Message flow understanding
- Mail authentication (SPF/DKIM/DMARC)
- Mail Detection optimization (False Positive / False Negative)
- False Negative Delivered Remediation (Malware, Phishing)
- Internal Phishing Program & Training Releases

Endpoint Detection Response Experience
- Specifically, CrowdStrike
- Detection investigation & forensics
- Detection remediation

Networking
- Specifically, Palo Alto
- Specifically, Cloudflare
- Good understanding of firewall policies
- Good understanding of web application firewall policies
- Good understanding of switching & wireless networks
- Understanding of SASE infrastructure
- Creation & management of firewall policies
- Network traffic investigation (threat hunting & user traffic investigation)

Threat Vulnerability
- Hands-on experience running scheduled threat vulnerability scans using Tenable, Rapid7 or similar platforms, against internal infrastructure, externally facing infrastructure and web applications
- Hands-on experience of end-to-end process from detection to remediation of vulnerability
- Producing monthly statistics on threat vulnerability (new vulnerabilities, vulnerabilities remediated)

EXPERIENCE:
- 8 years of security experience in technology.
- 3-5 years' experience working in a similar role.
- Experience troubleshooting systems.
- Excellent written and oral communication skills in English.

Job Title
Cloud Security Engineer