Information Security Engineer

We are seeking an Information Security Engineer (3–5 years experience) with hands on expertise in data security, DLP, and security automation, with growing exposure to AI security. This role will support and mature enterprise data protection capabilities while helping operationalize data security cleanup workflows through automation and cross team coordination.

The ideal candidate is comfortable executing and improving DLP controls, building automation to drive remediation, and partnering with application, platform, and business teams to reduce data risk at scale. The role offers opportunities to lead smaller initiatives or assist senior engineers on larger data security and AI governance efforts.

Key Responsibilities

Data Security & DLP Operations

• Assist in the implementation, tuning, and ongoing operation of DLP and data protection controls across M365, endpoints, email, SaaS, and cloud platforms

• Maintain and refine DLP policies, classifiers, and detections to improve precision and reduce false positives

• Support enterprise data discovery, classification, and exposure reduction efforts

• Participate in data security incident triage, investigation, and remediation coordination

Security Automation & Data Cleanup Enablement

• Design and maintain automation workflows to support data security cleanup and remediation, including:

• Automated email notifications to data owners

• Jira / ticketing automation for tracking remediation actions

• Workflow-driven follow‑ups and escalation paths

• Use tools such as Power Automate, Jira automation, or similar platforms to reduce manual effort and improve consistency

• Partner with data owners and technical teams to:

• Communicate findings clearly

• Provide guidance and assistance with cleanup where needed

• Track remediation progress to closure

Tooling & Platform Support

• Hands‑on configuration and operational support for:

• Microsoft Purview (Sensitivity Labels, DLP, Endpoint DLP, Data Classification)

• Microsoft Defender (Endpoint and Cloud App data protection features)

• Varonis (data discovery, access analytics, exposure and over‑permission analysis)

• Proofpoint (email DLP and sensitive data monitoring)

• Lightbeam or similar data access governance tools

• Support reporting, dashboards, and audit‑ready evidence for data security controls

AI Security & Responsible AI Support

• Assist with AI security reviews, ensuring sensitive data is not shared with unauthorized AI tools

• Support AI intake and approval workflows by validating:

• Data scope

• Access controls

• Guardrails aligned with security and privacy requirements

• Help enforce technical and procedural AI usage boundaries.

Secrets & Secure Configuration Awareness

• Maintain working knowledge of secrets management concepts, including:

• Secure storage of credentials, tokens, and keys

• Appropriate usage of enterprise secret vaults (e.g., Azure Key Vault, HashiCorp Vault, CyberArk or equivalents)

• Help identify and remediate:

• Hard‑coded secrets

• Credentials stored in code repositories, scripts, or documentation

• High Risk PII, PCI data

• Partner with engineering teams to promote secure secrets handling practices

Governance, Risk & Compliance

• Support data security controls aligned with PCI DSS, SOC 2, NIST, ISO 27001, GDPR/CCPA

• Contribute to policies, standards, and SOPs related to data handling, DLP, automation, and AI usage

• Assist with audit preparation and evidence collection

Job Summary

Plans, designs, and builds security architectures for the organization. Implements network and computer security and ensures compliance with information security policies and procedures.

Major Tasks, Responsibilities, and Key Accountabilities

• Initiates security response procedures when a problem is detected, including resolving incident tickets.
• Updates Computer Security Incident Response Team (CSIRT) documentation and procedures.
• Writes code or script to automate, monitor, and test security solutions.
• Assists in designing, building, configuring, and maintaining cybersecurity threat defense capabilities and user access management.
• Maintains cybersecurity requirements for network, system, and/or application technologies.
• Configures and installs security technologies, such as firewalls, intrusion detection systems, and access controls and implements software fixes to remove system vulnerabilities.
• Performs daily reviews of operating system and network changes and works with system engineers to deploy patches and address vulnerabilities.
• Manages security objects, including SSL Certificates, PGP and private keys, system passwords, anti-virus applications, spyware and malware solutions, and identity management.
  

Nature and Scope

• Demonstrates skill in data analysis techniques by resolving missing/incomplete information and inconsistencies/anomalies in more complex research/data.
• Nature of work requires increasing independence; receives guidance only on unusual, complex problems or issues. Work review typically involves periodic review of output by a supervisor and/or direct customers of the process.
• May provide general guidance/direction to or train junior level support or professional personnel.

Work Environment

• Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
• Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
• Typically requires overnight travel 5% to 20% of the time.

Education and Experience

• Typically requires BS/BA in a related discipline. Generally 2-5 years of experience in a related field OR MS/MA and generally 2-4 years of experience in a related field. Certification is required in some areas.

Our Goals for Diversity, Equity, and Inclusion

We are committed to creating a culture that promotes equity, respect, and advocacy for every HD Supply associate. We value the diversity of our people.

Equal Employment Opportunity

HD Supply is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.