Data Protection Engineer

Location: Boston, MA Job Description Role Overview The Senior Data Protection Engineer (Contract) will play a central role in shaping our enterprise data protection program. This individual will be responsible not only for architecting and deploying technical DLP controls across Microsoft Purview, MIP, and Zscaler platforms, but also for working closely with business leaders and data owners to understand the nature, flow, and sensitivity of our information assets. Through collaboration with key stakeholders, the engineer will help define what constitutes “sensitive data”, design classification schemes that reflect business reality, and craft controls that ensure protection and compliance for important documents throughout their lifecycle — whether in Microsoft 365, Confluence, legacy file shares, or other repositories. Key Responsibilities Strategy & Architecture Lead the design and implementation of a cohesive data protection and DLP strategy using Microsoft Purview and Zscaler technologies. Develop and maintain scalable architectures to classify, label, and protect data across endpoints, email, cloud storage, and network layers. Translate business requirements into actionable technical policies and workflows that safeguard critical and sensitive data. Business Engagement & Governance Alignment Partner extensively with business units, Compliance, and Legal to understand our most sensitive information types, business processes, and data flows. Define and document what constitutes sensitive or regulated data across the organization. Collaborate with stakeholders to ensure DLP and retention policies align with operational needs and regulatory expectations. Policy Development & Configuration Build and manage DLP policies, MIP sensitivity labels, and data retention rules within Microsoft Purview and Microsoft 365. Configure Zscaler DLP inspection policies to detect and prevent data exfiltration in web and private app traffic. Integrate Microsoft and Zscaler controls for unified enforcement and visibility. Integration & Data Source Coverage Extend Microsoft Purview coverage to Confluence Cloud, legacy file shares, and other business-critical systems. Leverage PowerShell, Graph API, and automation frameworks to ensure consistent policy deployment and maintenance. Establish data connectors and workflows to bring unstructured and structured data sources under governance. Monitoring, Reporting & Continuous Improvement Build dashboards and reports for DLP incidents, policy performance, and sensitive data movement trends across platforms. Tune policies based on business feedback, operational insights, and threat intelligence. Drive continuous improvement of controls through lessons learned and metrics. Collaboration & Education Engage with business units to raise awareness around data handling, classification, and secure collaboration practices. Partner with IT, Risk, and Compliance teams to align DLP policies with frameworks such as GDPR, SEC, and FINRA. Serve as a trusted advisor to business teams on how to balance productivity with data protection. Qualifications 10+ years of experience in Information Security or Data Protection roles, with 5+ years focused on enterprise DLP or information governance. Deep expertise with Microsoft Purview, Microsoft Information Protection (MIP), and Defender for Cloud Apps. Strong hands-on experience with Zscaler DLP, ZIA, and ZPA is a plus. Proven ability to collaborate with non-technical business stakeholders to define and protect sensitive information. Experience integrating non-Microsoft systems (e.g., Confluence, Jira, legacy file shares) into data protection and classification ecosystems. Proficiency with PowerShell, Graph API, or other scripting for automation and orchestration. Excellent written and verbal communication skills with the ability to explain complex topics to varied audiences. Contract Details Duration: 6–12 months (with potential for extension) Engagement Type: Contract Schedule: Hybrid – Boston, MA Start Date: Immediate