Security Consultant - Data Security L3

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you'll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Key Responsibilities

DLP (Data Loss Prevention) Engineering:

• Serve as the primary owner and administrator for the enterprise DLP platform Trellix. This include but not limited to Health check update capacity & available management.
• Architect deploy and maintain DLP agents and policies across endpoints network and cloud (SaaS IaaS) channels.
• Perform data flow analysis (DFA) and develop and fine-tune DLP policies to accurately detect and prevent the exfiltration of sensitive data (e.g. PII PCI PHI Intellectual Property) while minimizing false positives.
• Investigate and respond to DLP alerts leading the incident response process for potential data exfiltration events.
• Integrate DLP with other security systems (SIEM SOAR Email Security) for automated ticketing and enriched investigation.
• Reporting & Dashboarding along with DLP config management policy changes & review

DAM (Database Activity Monitoring) Engineering:

• Manage the DAM solution platform (IBM Guardium) for administration & access management and monitor capture and analyze all database activity in near real-time.
• Deploy and maintain DAM sensors and agents across diverse database environments (e.g. Oracle SQL Server MySQL AWS RDS Azure SQL).
• Create and optimize DAM policies to alert (e.g. PII & financial data) on suspicious activities privileged user misuse and potential data breaches based on the MITRE ATT&CK framework.
• Conduct forensic analysis on database events to support incident investigations and compliance audits.
• Ensure the integrity and performance of the DAM infrastructure.
• Monitoring Report creation review & submission Config management Sharing audit logs during internal and external audits
• Conduct data access reviews anomaly detection Database Risk review reporting
• Daily/Weekly/Monthly schedule and on-demand out of box reporting
• Interfacing with DBA team for testing and troubleshooting DAM controls

Program Management & Optimization:

• Continuously assess the effectiveness of DLP and DAM controls and recommend improvements.
• Develop and maintain detailed documentation of architectures policies procedures and workflows.
• Stay current with emerging data security threats technologies and best practices.
• Manage the lifecycle of the DLP and DAM tools including vendor management licensing and upgrade planning.

Collaboration & Compliance:

• Work closely with the Internal teams to ensure DLP/DAM controls meet regulatory requirements.
• Partner with IT DevOps and database administrators to ensure seamless deployment and minimize business disruption.
• Mentor junior analysts and serve as an escalation point for complex data security incidents.
• Generate and present metrics and reports on data protection program effectiveness to leadership.

Required Qualifications & Experience

• 5+ years of experience in cybersecurity with at least 3 years of hands-on dedicated experience managing both DLP and DAM platforms.
• Proven experience in deploying configuring and tuning a major enterprise DLP solution.
• Proven experience in deploying configuring and tuning a major DAM solution including the management of sensors and database activity policies.
• Strong understanding of data classification frameworks and regulatory requirements.
• Good knowledge of database structures SQL queries and common database platforms.
• Practical understanding of network protocols (HTTP/S SMTP FTP) and cloud application architectures (e.g. O365 Google Workspace AWS Azure).
• Excellent analytical and problem-solving skills with the ability to investigate complex data security events.

Preferred Qualifications

• Direct hands-on experience with one or more of the following:
  • DLP: Trellix (McAfee) DLP.
  • DAM: IBM Guardium
• Relevant certifications such as:
  • Vendor-specific certifications (e.g. IBM Guardium Administrator Trellix DLP).
• Experience with scripting languages (Python PowerShell) for automation and integration will have added advantage.
• Familiarity with Data Security Posture Management (DSPM) concepts and tools.
• Experience working in a regulated industry (Finance) will have added advantage.