Senior Security Operations Engineer

The Senior Security Operations Engineer is responsible for designing, implementing, and improving Data Loss Prevention (DLP) protections across Included Health's corporate and cloud environments. You will lead hands‑on deployment and tuning of DLP controls, including endpoint, network, and SaaS. You will investigate and respond to potential data exfiltration events. Additionally, you will drive remediation and hardening based on real‑world incidents and detections. You will own the operational lifecycle of our DLP stack. It involves building and refining policies, partnering with stakeholders to validate business‑safe controls, automating response playbooks, and turning signals from alerts and logs into durable security improvements. You will also contribute to adjacent security operations functions, including incident response and vulnerability management, where they intersect with data protection. You will play a crucial role within the Security Engineering team, reporting directly to the Senior Manager, Security Engineering. This is a remote role. Responsibilities Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling. Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data. Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements. Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond. Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals. Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data‑handling patterns and exception processes. Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication. Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross‑functional partners. Qualifications Minimum 5+ years of hands‑on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP. Direct, hands‑on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment. Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls. Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel). Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale. Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data‑focused incidents. Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling. Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types. Physical/Cognitive Requirements Capability to remain seated in a stationary position for prolonged periods. Eye‑hand coordination and manual dexterity to operate keyboard, computer and other office‑related equipment. Capability to work with leadership, employees, and members in an appropriate manner. United States Salary Range Zone A: $138,380 - $195,470 + equity + benefits Zone B: $152,218 - $215,017 + equity + benefits Zone C: $166,056 - $234,564 + equity + benefits Zone D: $179,894 - $254,111 + equity + benefits This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones. Starting base salary for the successful candidate will depend on several job‑related factors, unique to each candidate, which may include, but not limited to, education; training; skill set; years and depth of experience; certifications and licensure; business needs; internal peer equity; organizational considerations; and alignment with geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and competitive compensation based on their roles and locations. Your Recruiter can share details of your geographic alignment upon inquiry. Benefits & Perks Remote‑first culture 401(k) savings plan through Fidelity Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance) Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents Generous Paid Time Off (PTO) and Discretionary Time Off (DTO) 12 weeks of 100% Paid Parental leave Up to $25,000 Fertility and Family Building Benefit (Compassionate Leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment) 11 Holidays Paid with one Floating Paid Holiday Work‑From‑Home reimbursement to support team collaboration and effective home office work 24 hours of Paid Volunteer Time Off (VTO) Per Year to volunteer with charitable organizations Your recruiter will share more about the benefits package for your role during the hiring process. About Included Health Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high‑quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in‑person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com. Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law. Included Health uses AI‑assisted tools at select stages of the hiring process to enhance efficiency, consistency, and communication. AI does not make hiring decisions—final decisions are made exclusively by our recruiting and hiring teams. #J-18808-Ljbffr Included Health