Job Requirements
Tampa, FL
Top Secret/SCI Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Overview
Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.
Kentro is seeking a highly technical Senior Data Security Engineer (DRM) to drive the massive data discovery, classification, and secure data rights management effort for the Zero Trust initiative at U.S. Special Operations Command (USSOCOM).
Before data can be protected under a Zero Trust architecture, it must be found, understood, and precisely controlled. You will be responsible for illuminating "dark data" across the Command's complex information environment, ranging from hyperscale cloud data lakes on NIPR to legacy file shares and isolated storage arrays on the SIPR and Top-Secret networks.
As a Senior Data Security Engineer, you will architect, deploy, and manage advanced data rights management and security monitoring solutions. Your primary mission is to build and secure the "Global Data Inventory"-a dynamic, real-time map of where sensitive CUI and classified intelligence resides-enabling security teams to apply precision, policy-driven protection.
You will lead the deployment of Active Directory Rights Management (AD-RMS) and Azure RMS as the foundational data rights management solution for USSOCOM's Zero Trust framework, while leveraging the Microsoft Defender suite to enforce continuous compliance and secure access boundaries.
Location: Hybrid in Tampa, FL
Responsibilities
Qualifications
Preferred Technical Skills (A Plus)
Clearance:
Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.
Kentro is seeking a highly technical Senior Data Security Engineer (DRM) to drive the massive data discovery, classification, and secure data rights management effort for the Zero Trust initiative at U.S. Special Operations Command (USSOCOM).
Before data can be protected under a Zero Trust architecture, it must be found, understood, and precisely controlled. You will be responsible for illuminating "dark data" across the Command's complex information environment, ranging from hyperscale cloud data lakes on NIPR to legacy file shares and isolated storage arrays on the SIPR and Top-Secret networks.
As a Senior Data Security Engineer, you will architect, deploy, and manage advanced data rights management and security monitoring solutions. Your primary mission is to build and secure the "Global Data Inventory"-a dynamic, real-time map of where sensitive CUI and classified intelligence resides-enabling security teams to apply precision, policy-driven protection.
You will lead the deployment of Active Directory Rights Management (AD-RMS) and Azure RMS as the foundational data rights management solution for USSOCOM's Zero Trust framework, while leveraging the Microsoft Defender suite to enforce continuous compliance and secure access boundaries.
Location: Hybrid in Tampa, FL
Responsibilities
- Data Rights and Zero Trust: Architect, deploy, and manage Active Directory Rights Management (AD-RMS) and Azure RMS as the primary Data Rights Management (DRM) engine to enforce persistent protection of files and emails across hybrid networks.
- Defender and Access Policy: Design and configure security policies within the Microsoft Defender suite, focusing on Microsoft Purview (information protection, data loss prevention), Microsoft Defender for Cloud Apps (cloud access security broker), Entra ID, and Microsoft Conditional Access to control resource access based on device compliance and risk.
- Catalog Integration: Drive data catalog integration and metadata synchronization with enterprise platforms including Palantir, Microsoft Unified Catalog, Purview Audit, and Activity Explorer solutions to track data movement and security state.
- Unstructured Data Crawling: Connect discovery and catalog tools to enterprise databases (SQL Server, Oracle, PostgreSQL) to scan schemas and columns for sensitive indicators without impacting database performance.
- Cloud Data Integration: Utilize Microsoft Purview Data Map and custom connectors to inventory and secure data residing in AWS S3 buckets, Azure Blobs, and Data Lakes.
- Classification Tuning: Collaborate with mission owners to train Machine Learning (ML) classifiers to recognize unique USSOCOM data types (e.g., mission names, operational codes) and reduce false positive rates in the data inventory.
Qualifications
- Master's degree (MA/MS) in Computer Science, Cybersecurity, Information Technology, or a related technical discipline
- 10+ years of relevant experience in enterprise systems engineering, data security, or cybersecurity operations
- Data Rights Management: Proven experience implementing and administering AD-RMS and Azure RMS in complex, multi-domain, or hybrid cloud environments.
- Microsoft Security Stack: Deep expertise in the Microsoft Defender suite, specifically:
- Microsoft Purview (Sensitivity Labeling, DLP, Information Barrier policies).
- Microsoft Defender for Cloud Apps (MCAS policies and session controls).
- Microsoft Entra ID (Identity and Access Management).
- Microsoft Conditional Access (Context-aware security policies).
- Data Catalog Integration: Proven experience integrating and managing metadata across enterprise catalogs such as Palantir, Microsoft Unified Catalog, and utilizing Purview Audit and Activity Explorer to monitor data lifecycle events.
- Storage & Database Knowledge: Strong understanding of storage protocols (NFS, SMB/CIFS, S3) and database structures (SQL, NoSQL) to troubleshoot connectivity and security scanning access.
- Containerization: Proficiency with Kubernetes and Docker, as modern data collectors and agents are frequently deployed as containerized microservices.
- Data Handling: Experience dealing with large-scale data environments (Petabyte scale) and a solid understanding of data lineage, provenance, and classification concepts.
Preferred Technical Skills (A Plus)
- Advanced knowledge of Kusto Query Language (KQL) for writing sophisticated detection rules, hunting queries, and diagnostic analysis within Microsoft Sentinel/Purview.
- Strong proficiency in Splunk Processing Language (SPL) for building advanced dashboards, alerts, and performing forensic analysis.
Clearance:
- Active Top-Secret clearance with SCI eligibility.
group id: 10484831