Data Security Engineer

Overview

ABOUT US:

Founded in 1993, Bayview Asset Management is an investment management firm focused on investments in mortgage and consumer credit, including whole loans, asset-backed securities, mortgage servicing rights, and other credit-related assets.

POSITION SUMMARY:

We are seeking an experienced and hands-on Data Security Engineer to lead the design, implementation, and advancement of our enterprise data security and data privacy strategy. This role will serve as a subject matter authority on data security engineering and architecture, capable of partnering across technical and business teams to interpret, influence, and strengthen our data security and privacy posture. Reporting to the VP, Enterprise Information Protection Officer, the successful candidate will combine technical expertise with strategic vision, demonstrating drive, clarity, and a passion for securing information.

RESPONSIBILITIES:

• Lead the engineering, architecture, deployment, troubleshooting and continuous improvement of enterprise Data Loss Prevention (DLP), Data Classification, Data Security Posture Management (DSPM), Insider Risk, and CASB technologies.
• Administer, optimize and manage policy development, rule tuning, and platform configuration across multiple systems, including, but not limited to:
• Microsoft Purview (Information Protection, DLP, Discovery)
• Microsoft Defender for Endpoint DLP
• Microsoft Insider Risk Management
• Netskope CASB
• Varonis (Endpoint, Cloud, NetApp)
• Lead the evaluation of Data Security Posture Management solutions.
• Develop and continuously enhance DLP event pipelines, including triage, incident escalation, and feedback loops to refine policy accuracy.
• Design and manage DLP and Classification policies and rulesets with a focus on scalability.
• Design and implement custom detection classifiers and rules for enhanced data discovery and advanced data protection scenarios.
• Develop custom data detection classifiers to enhance sensitive data discovery.
• Enable secure cloud application usage and implement risk mitigation measures using existing tools (e.g., forward and reverse proxy).
• Develop and manage insider risk use cases, threat models, and behavioral detection policies in Microsoft’s Insider Risk platform.
• Integrate Purview tools with SIEM/SOAR platforms for alert correlation and automation.
• Design case management functionality using Splunk Mission Control.
• Build automation scripts, dashboards, and workflows to improve the efficiency of DLP operations and reporting.
• Partner with Security Operations, IT, Legal, and Compliance to define response workflows and ensure regulatory and policy alignment.
• Analyze and tune DLP incidents to reduce false positives and maximize signal-to-noise ratio.
• Identify security gaps in business processes involving sensitive data and lead remediation planning.
• Document procedures, playbooks, detection logic, and architectural decisions for long-term maintainability.
• Evaluate existing systems and architectures to ensure alignment with data protection and data privacy standards and identifying non-compliance with regulatory and internal requirements.
• Evaluate the data protection and data privacy impact of new technology acquisitions or system integrations.
• Map and analyze sensitive data flows, identifying exposure and recommending risk mitigation strategies.
• Cultivate strong partnerships with IT, Information Security (IS), and business stakeholders to drive forward data protection and privacy objectives.
• Stay up to date on DLP threat landscape, new technologies, and product enhancements.
  
  

Qualifications:

• Minimum 12 years of experience in data protection and data privacy.
• CISSP certification preferred.
• Proficient with managing, configuring and reporting on data protection platforms including Microsoft Purview, Defender, Netskope, Imperva DAM, Varonis.
• Strong understanding of data protection lifecycle: requirements gathering, control implementation, service optimization.
• Proven experience configuring and deploying DLP/CASB/Insider Threat policies to enhance data security and data privacy efforts and reduce organizational risk.
• Expertise in building scalable data protection infrastructures aligned with strategic program goals.
• Experience defining metrics to measure security program effectiveness and risk reduction.
• Deep understanding and hands on experience with core data protection functions: classification, discovery, encryption, masking, anomaly detection.
• Demonstrated process design and continuous improvement skills.
• Passion for safeguarding sensitive and confidential information.
• Adept at aligning business needs with technical security solutions.
• Working knowledge of network and web security.
• Comfortable working cross-functionally and independently.
• Strong communicator capable of influencing at all organizational levels.
• Exceptional analytical thinking with a strong focus on risk identification and mitigation.
• Proven ability to meet high-stakes deadlines and manage small teams (up to 5 people).
  
  

LOCATION & COMPENSATION:

• This is a remote position.
• Base compensation is expected to be $170,000-$205,000, with the opportunity for incentive compensation including a performance-based bonus.
  
  

EEOC

Bayview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.