Data Protection Security Engineer – Netskope Lead
Job Description
Denken Solutions, Inc. is seeking a Data Protection Security Engineer – Netskope Lead to own enterprise Netskope deployments from Foster City, MI in a hybrid setup with three days onsite and two days remote. This senior role requires hands-on expertise to independently drive NG SWG, NPA, and DLP initiatives across the organization, translating security policy into scalable controls. The position offers a compensation of USD 108 per hour and calls for a strong blend of technical leadership and practical implementation experience.
Responsibilities
- Oversee the end-to-end administration and health of the Netskope tenant, ensuring configurations are correctly enforced and aligned with client security policies and risk posture.
- Manage the Netskope NG SWG to inspect, control, and secure web traffic across the enterprise, using Skope AI threat intelligence and behavioral analytics for real-time detection and response.
- Build and maintain SSL inspection policies, URL filtering categories, threat protection profiles, and cloud app controls, understanding how these layers interact.
- Lead the full lifecycle deployment of Netskope NG SWG, including architecture design, tenant configuration, traffic steering, and integration with existing security infrastructure.
- Configure and maintain SSL/TLS inspection, URL filtering, cloud application controls, and threat protection policies.
- Integrate Netskope with identity providers (e.g., Okta, Azure AD) for user-based policy enforcement.
- Coordinate Netskope client deployment across endpoints with endpoint and IT teams.
- Establish and maintain logging, alerting, and reporting pipelines from the Netskope platform into SIEM tools.
- Design and deploy Netskope NPA to replace or augment traditional VPN infrastructure, enabling zero-trust application access.
- Define publisher placement, application segmentation, and access policies aligned to least-privilege principles.
- Collaborate with application owners and IT teams to onboard private applications to the NPA framework.
- Continuously evaluate and refine NPA policies based on access patterns and security posture requirements.
- Develop a comprehensive DLP strategy covering web, cloud, and private application traffic traversing the Netskope platform.
- Create, tune, and maintain DLP profiles and policies for PII, PHI, PCI, intellectual property, and other regulated or confidential data types.
- Conduct structured DLP policy testing with representative data samples to validate detection accuracy and minimize false positives.
- Establish a formal policy review cadence in partnership with Legal, Compliance, and Data Governance teams; investigate and respond to DLP policy alerts per procedures.
- Serve as the Netskope subject matter expert for NG SWG, NPA, and DLP across security, IT, and business teams.
- Produce and maintain architecture diagrams, runbooks, policy documentation, and operating procedures.
- Provide guidance and knowledge transfer to junior engineers and security operations staff.
- Engage with Netskope TAM and support resources to stay current on platform capabilities and roadmap.
Requirements
- 8+ years of experience in network security, cloud security, or information security engineering.
- 2+ years of hands-on experience deploying and managing Netskope NG SWG and/or Netskope NPA in an enterprise environment.
- Demonstrated experience developing and managing DLP policies, including policy design, testing, and tuning.
- Strong understanding of zero-trust network access (ZTNA) concepts and architectures.
- Proficiency with SSL/TLS inspection, proxy architectures, and cloud access security broker (CASB) functionality.
- Working knowledge of identity and access management platforms (Okta, Azure AD, SAML, SCIM).
- Familiarity with regulatory frameworks relevant to DLP (HIPAA, PCI-DSS, GDPR, CCPA, etc.).
- Strong analytical and troubleshooting skills.
- Bachelor's degree or equivalent hands-on experience.
Technologies
- Netskope NG SWG
- Netskope NPA
- Okta
- Azure AD
- SAML
- SCIM
- SIEM
- Splunk
- Microsoft Sentinel
- Python
- PowerShell