Data Protection Security Engineer – Netskope Lead
Onsite in Foster City, CA | at least 3 days in office
The ideal candidate is a hands-on security engineer with deep Netskope expertise who can independently lead enterprise-wide NG SWG, NPA, and DLP initiatives while partnering effectively with security, networking, infrastructure, compliance, and business stakeholders. Experience with Zero Trust architectures, DLP policy development, and enterprise-scale security deployments is essential.
Key Responsibilities:
In this role, you will be responsible for the end-to-end administration and health of the Netskope tenant, ensuring that all deployed products are correctly configured, consistently enforced, and aligned with Zoox's security policies and risk posture. You will manage the NG SWG to inspect, control, and secure web traffic across the enterprise, leveraging Skope AI's threat intelligence and behavioral analytics to detect and respond to anomalous activity in real time. You will be expected to build and maintain SSL inspection policies, URL filtering categories, threat protection profiles, and Cloud app controls with a clear understanding of how these layers interact.
- Netskope NG SWG Implementation & Management
  - Lead the full lifecycle deployment of Netskope NG SWG, including architecture design, tenant configuration, traffic steering, and integration with existing security infrastructure
  - Configure and maintain SSL/TLS inspection, URL filtering, cloud application controls, and threat protection policies
  - Integrate Netskope with identity providers (e.g., Okta, Azure AD) for user-based policy enforcement
  - Manage Netskope client deployment across endpoints in coordination with endpoint and IT teams
  - Establish and maintain logging, alerting, and reporting pipelines from the Netskope platform into SIEM tools
- Netskope NPA Implementation & Management
  - Lead the design and deployment of Netskope NPA to replace or supplement traditional VPN infrastructure, enabling zero-trust application access
  - Define publisher placement, application segmentation, and access policies aligned to least-privilege principles
  - Collaborate with application owners and IT teams to onboard private applications to the NPA framework
  - Continuously evaluate and refine NPA policies based on access patterns and security posture requirements
- DLP Policy Development & Testing
  - Develop a comprehensive DLP strategy covering web, cloud, and private application traffic traversing the Netskope platform
  - Create, tune, and maintain DLP profiles and policies for sensitive data categories including PII, PHI, PCI, intellectual property, and other regulated or confidential data types
  - Conduct structured DLP policy testing using representative data samples to validate detection accuracy and minimize false positives
  - Establish a formal policy review and tuning cadence in partnership with Legal, Compliance, and Data Governance teams
  - Investigate and respond to DLP policy alerts, escalating incidents per established procedures
- Stakeholder Collaboration & Documentation
  - Serve as the subject matter expert for Netskope NG SWG, NPA, and DLP across security, IT, and business teams
  - Produce and maintain architecture diagrams, runbooks, policy documentation, and operational procedures
  - Provide guidance and knowledge transfer to junior engineers and security operations staff
  - Engage with Netskope TAM and support resources to stay current on platform capabilities and roadmap
Required Qualifications:
- 8+ years of experience in network security, cloud security, or information security engineering
- 2+ years of hands-on experience deploying and managing Netskope NG SWG and/or NPA in an enterprise environment
- Demonstrated experience developing and managing DLP policies, including policy design, testing, and tuning
- Strong understanding of zero-trust network access (ZTNA) concepts and architectures
- Proficiency with SSL/TLS inspection, proxy architectures, and cloud access security broker (CASB) functionality
- Working knowledge of identity and access management platforms (Okta, Azure AD, SAML, SCIM)
- Familiarity with regulatory frameworks relevant to DLP (HIPAA, PCI-DSS, GDPR, CCPA, etc.)
- Strong analytical and troubleshooting skills with the ability to work through complex network and policy issues
Preferred Qualifications:
- Netskope One Professional or equivalent Netskope certification
- Experience integrating Netskope with SIEM/SOAR platforms (Splunk, Microsoft Sentinel, etc.)
- Background in endpoint security, SASE architecture, or broader SSE framework implementation
- Experience with scripting or automation (Python, PowerShell) for policy management or log analysis
- Familiarity with additional DLP tools or platforms beyond Netskope
Education:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field — or equivalent hands-on experience in lieu of a degree
Preferred Certifications:
- CISSP, CCSP (ISC²), CISM or equivalent security certification
- CompTIA Security+ or Network+