Data Protection Engineer, Zero Trust Program (USSOCOM) - Journeyman

Lensa is a career site that helps job seekers find great jobs in the US. We are not a staffing firm or agency. Lensa does not hire directly for these jobs, but promotes jobs on LinkedIn on behalf of its direct clients, recruitment ad agencies, and marketing partners. Lensa partners with DirectEmployers to promote this job for Athenix Solutions Group, LLC. Clicking "Apply Now" or "Read more" on Lensa redirects you to the job board/employer site. Any information collected there is subject to their terms and privacy notice.

Data Protection Engineer, Zero Trust Program (USSOCOM) - Journeyman

MacDill Air Force Base, FL (http://maps.google.com/maps?q=7701 Tampa Point Boulevard MacDill Air Force Base FL USA 33621)

• Athenix Special Missions
  
  

Description

Athenix Special Missions is seeking a Data Protection Engineer, Zero Trust Program (USSOCOM) - Journeyman in MacDill Air Force Base (Tampa), Florida!

Must be a U.S. Citizen

Security Clearance: Active Top-Secret clearance

Job Description

We are seeking a hands-on and technically proficient Data Protection Engineer to join the Network Execution Team supporting a critical Zero Trust initiative at U.S. Special Operations Command (USSOCOM). This role is essential for the tactical implementation of data-centric security controls across the Command's hybrid environment, ranging from commercial cloud capabilities on NIPR to the rigid, disconnected constraints of the SIPR and Top-Secret networks.

As a Data Protection Engineer, you will be the primary "hands-on-keyboard" implementer responsible for configuring, deploying, and tuning the encryption and labeling technologies that protect the Command's most sensitive data. You will translate the high-level architecture defined by the Chief Architect into concrete, enforceable policies within Microsoft Purview (for NIPR) and enterprise DRM platforms like Virtru or Kiteworks (for SIPR/Top Secret). You will move the Command from a passive "audit" posture to an active "block" posture, ensuring that data is encrypted and persistent protection travels with the file, regardless of where it is stored or transferred.

Responsibilities

• Microsoft Purview Implementation (NIPR): Configure and deploy Sensitivity Labels, Auto-labeling policies, and Data Loss Prevention (DLP) rules within the Microsoft 365 E5 suite to classify and protect CUI and PII in SharePoint, OneDrive, and Exchange.
• DRM & Encryption Configuration (SIPR/Top Secret): Implement and manage enterprise Digital Rights Management (DRM) solutions (specifically Virtru or Kiteworks) to enforce encryption-at-rest and attribute-based access control on classified networks.
• Policy Tuning & Enforcement: Oversee the phased transition of security policies from "Monitoring" mode to "Blocking" mode, analyzing false positives and tuning classifiers (Regex, Keyword Dictionaries, Trainable Classifiers) to minimize mission disruption.
• Endpoint Protection: Collaborate with the Trellix engineering team to ensure that data tags applied by Purview/DRM tools are correctly recognized and enforced by endpoint DLP agents on workstations.
• Cross-Domain Support: Assist in the manual "sneaker-net" transfer of policy updates and classification patterns to the air-gapped Top Secret environment, ensuring configuration consistency across all networks.
  
  

Results

• Impact: Your configuration of encryption and DLP policies serves as the last line of defense. By ensuring data is locked down at the object level, you directly prevent unauthorized access by adversaries.
• Relationships: You will work closely with Data Engineers who locate the data and Identity Engineers who manage the attributes, creating a collaborative feedback loop to refine policy accuracy.
• Growth: This project offers an unparalleled opportunity to become a technical expert in both Microsoft’s cloud-native security stack and specialized on-premises encryption tools used in high-threat environments.
• Trust: You will build the technical enforcement mechanisms that create a trustworthy computing environment, ensuring that data is protected and access is controlled according to Zero Trust principles
  
  

Why Choose Athenix Special Missions?

Athenix Special Missions is a world leader in designing, building, and developing realistic training exercises for Special Operations, conventional forces, and partner nations. Our experience ranges from planning individual team training events to executing 2,000-person joint exercises.

Our mission-tailored solutions include tactical and strategic training events and exercises and often integrate live forces with virtual and constructive training domains. By bringing together the right combination of subject-matter expertise, domain insight, and advanced technology, we help improve mission readiness, increase situational awareness, and enhance performance.

Requirements

Qualifications

Minimum Clearance Required To Start

• Active Top-Secret clearance with SCI eligibility.
  
  

Required Experience & Skills ("Must-Haves")

• Microsoft Purview Expertise: Significant (3 years) hands-on experience configuring Microsoft Information Protection (MIP), Sensitivity Labels, and DLP policies in a large enterprise or DoD environment.
• DRM/Encryption Experience: Proven experience implementing and managing enterprise encryption and Rights Management tools such as Virtru , Kiteworks , or Seclore , particularly in on-premises or hybrid configurations.
• Data Classification: Strong understanding of data classification methodologies, including the creation of custom sensitive info types (SITs) using Regex and Exact Data Match (EDM).
• Technical Troubleshooting: Ability to diagnose and resolve complex issues related to encryption key management, policy propagation, and agent conflicts.
• Journeyman
• Education: BA/BS or MA/MS
• Years Exp: 3-10
• A Journeyman labor category has 3 to 10 years of experience and a BA/BS or MA/MS degree. A Journeyman labor category typically performs all functional duties independently.
  
  

Preferred Experience & Skills ("Nice-to-Haves")

• Experience with Trellix DLP (formerly McAfee) endpoint products.
• Knowledge of NetApp BlueXP or BigID for data discovery.
• Prior experience supporting USSOCOM or working on SIPRNet/JWICS systems.
• Familiarity with DoD Data Strategy and CUI handling requirements.
  
  

Certifications

• Required: CompTIA Security CE (or higher) to meet DoD 8570 IAT Level II requirements.
• Preferred: Microsoft Information Protection Administrator (SC-400)
• Preferred: Virtru Certified Professional or Kiteworks Administrator Certification
  
  

Equal Opportunity Employer, including disability and protected veteran status

If you have questions about this posting, please contact support@lensa.com