CVS HealthRemote
Senior Cloud Data Security Engineer
United States of America
Full Time
4 hours ago
$102,000 - $204,000 USD
No H1B
Key skills
AIMLGenerative AIMLOpsAnalyticsBIPower BIAWSAzureGCPSplunkLeadershipCollaborationNetwork SecurityCloud SecurityZero TrustFirewall
About this role
CVS Health is a company dedicated to providing a compassionate health experience. They are seeking a Senior Cloud Data Security Engineer to protect sensitive data assets and enhance enterprise DLP capabilities across various environments.
Responsibilities:
- Design, implement, and mature enterprise DLP policies and controls across cloud, endpoint, email, and network channels
- Support the full DLP program lifecycle, including strategy, policy development, rule tuning, and continuous improvement
- Lead data classification and labeling initiatives to ensure consistent governance of PII, PHI, PCI, and proprietary data
- Monitor, investigate, and respond to data leakage incidents; manage cases, perform root cause analysis, and drive remediation to closure
- Develop dashboards, metrics, and reporting to communicate DLP effectiveness, risk posture, and trends to leadership
- Automate DLP enforcement, incident triage, and response workflows to improve accuracy and reduce manual effort
- Extend DLP capabilities to cloud‑native and hybrid environments, leveraging CASB, CNAPP, CSPM, SASE, and Zero Trust architectures
- Lead shadow AI discovery and enforce DLP controls across sanctioned and unsanctioned AI services
- Design and implement data protection controls for AI/ML workloads, pipelines, model training, and outputs
- Enforce secure data handling for generative AI, LLMs, and MLOps platforms to prevent improper ingestion, exposure, or transmission of sensitive data
- Partner with business and technology leaders to define DLP strategy, roadmaps, and priorities aligned to regulatory and risk requirements
- Align DLP controls with industry frameworks such as NIST, CIS, CSA, and MITRE ATLAS
- Serve as a subject matter expert on data protection for initiatives including cloud migrations, AI platform deployments, and M&A activities
- Collaborate with infrastructure, operations, data science, and application teams to embed DLP into architecture and operational processes
- Drive a low‑friction, user‑centric security experience while maintaining strong data protection outcomes
- Act as the organizational authority on DLP, cloud data security, and AI/ML data protection best practices
Requirements:
- 5+ years of experience implementing and supporting cloud security solutions in large enterprise environments, with a strong focus on DLP
- 5+ years of hands‑on experience with enterprise DLP platforms such as Microsoft Purview, Zscaler, and Palo Alto
- 5+ years of experience designing and enforcing DLP policies across cloud, endpoint, email, and network channels
- 5+ years of experience in at least two of the following cloud platforms: AWS, Azure, GCP, including data protection implementations
- 5+ years of experience with Zero Trust, CASB, CSPM, and Conditional Access frameworks
- Bachelor's degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience)
- 3+ years of experience using Regex for DLP policies and leveraging tools such as Splunk, Chronicle, or Power BI for analytics
- 3+ years of experience with network security, email security, and firewall technologies related to data exfiltration prevention
- 3+ years of experience securing AI/ML platforms, including exposure to LLMs, generative AI, and MLOps, with a data protection focus
- Proven experience leading DLP and data protection engineering initiatives in collaboration with cross‑functional teams
- Ability to provide off‑hours and weekend support on short notice when required