Information Security Engineer - DLP

A World-Changing Company Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. The Role We're looking for someone who has spent years thinking adversarially about how sensitive data moves, leaks, and gets exfiltrated — not just enforcing policies, but understanding every layer of how data can be abused, detected, and protected. If you've built content inspection pipelines, tuned classification policies against real insider threat cases, or reverse-engineered an exfiltration channel that bypassed existing controls, this is the team you want to be on. As an Information Security Engineer focused on Data Loss Prevention, you'll own the security of Palantir's global data protection program. Your team runs 24/7 prevention, detection, and investigation of data security events across our entire environment. The adversaries we face are sophisticated. We need someone who is more so. Salary The estimated salary range for this position is estimated to be $145,000 - $200,000/year. Total compensation for this position may also include Restricted Stock units, sign-on bonus and other potential future incentives. Further note that total compensation for this position will be determined by each individual’s relevant qualifications, work experience, skills, and other factors. This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives. Our benefits aim to promote health and wellbeing across all areas of Palantirians’ lives. We work to continuously improve our offerings and listen to our community as we design and update them. The list below details our available benefits and some of the perks that can be enjoyed as an employee of Palantir Technologies. Benefits •  Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance •  Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance •  Commuter benefits •  Take what you need paid time off, not accrual based •  2 weeks paid time off built into the end of each year (subject to team and business needs) •  10 paid holidays throughout the calendar year •  Supportive leave of absence program including time off for military service and medical events •  Paid leave for new parents and subsidized back-up care for all parents •  Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation •  Stipend to help with expenses that come with a new child •  Employees can enroll in Palantir’s 401k plan Life at Palantir We want every Palantirian to achieve their best outcomes, that’s why we celebrate individuals’ strengths, skills, and interests, from your first interview to your longterm growth, rather than rely on traditional career ladders. Paying attention to the needs of our community enables us to optimize our opportunities to grow and helps ensure many pathways to success at Palantir. Promoting health and well-being across all areas of Palantirians’ lives is just one of the ways we’re investing in our community. Learn more at Life at Palantir and note that our offerings may vary by region. In keeping consistent with Palantir’s values and culture, we believe employees are “better together” and in-person work affords the opportunity for more creative outcomes. Therefore, we encourage employees to work from our offices to foster connectivity and innovation. Many teams do offer hybrid options (WFH a day or two a week), allowing our employees to strike the right trade-off for their personal productivity. Based on business need, there are a few roles that allow for “Remote” work on an exceptional basis. If you are applying for one of these roles, you must work from the state in which you are employed. If the posting is specified as Onsite, you are required to work from an office. If you want to empower the world's most important institutions, you belong here. Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities. Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability. If you need an accommodation for the application or hiring process, please reach out and let us know how we can help. Please note that you will never be asked to submit a payment or share financial information to participate in our interview process. If you suspect that you've been contacted by a scammer, we recommend you cease all communication with the individual and consider reporting them to the relevant authorities, such as the US FBI Internet Crime Complaint Center (IC3). If you would like to understand more about how your personal data will be processed by Palantir, please see our Privacy Policy. Core Responsibilities Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold. Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots. Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls. Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene. Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration. Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence. What We're Looking For Data Loss Prevention Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data. Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels. Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind. Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies. Data Security Fundamentals Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement. Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient. Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure. Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting. Detection & Response Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures. Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors. Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations. What We Value Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores. Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft. Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection. What We Require 5+ years of hands-on security experience, with the majority focused on data loss prevention, data protection, or insider threat programs. Proficiency in Python or a scripting language of your choice for detection development, policy automation, and forensic tooling. Active TS/SCI security clearance, or eligibility and willingness to obtain one. A portfolio of real work: policies you've designed, detections you've written, investigations you've led, or programs you've built.

{
  "content_hash": "332627c7cf6ff6af1d8a6ddaa34b873970c16acc0dc2fe4ea6b20bc9c9661789",
  "source_hash": "c9976c9fc9a62fcad1b85b6a60e0e31357b7136d9acac3901a95feff11f32be4",
  "last_changed_at": "2026-05-29T07:11:46.777Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Washington, D.C.",
    "city": "Washington",
    "region": null,
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 200000,
  "salary_min": 145000,
  "inferred_at": "2026-06-06T19:07:37.467Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Washington, D.C.",
      "city": "Washington",
      "region": null,
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": "year",
  "workplace_type": "hybrid",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "Core Responsibilities",
      "content": "<div>\n\n<li>Own the security posture of Palantir's DLP estate — policy architecture, classification standards, and ongoing validation that those standards hold.</li>\n<li>Reduce data exposure risk across the environment: audit and remediate misconfigured policies, coverage gaps, over-permissioned data flows, shadow IT channels, and enforcement blind spots.</li>\n<li>Evaluate, deploy, and own the configuration of data protection tooling across endpoint, network, and cloud vectors: content inspection, data classification, user activity monitoring, and enforcement controls.</li>\n<li>Build and maintain automation for data security operations — policy tuning pipelines, alert triage workflows, access reviews, and data handling hygiene.</li>\n<li>Partner with Identity, Infrastructure, and Legal teams to drive architectural improvements: data classification frameworks, acceptable use enforcement, cloud data governance, and insider threat program integration.</li>\n<li>Translate findings from assessments and incident investigations into durable fixes — policy changes, architectural improvements, and program updates that reduce recurrence.</li>\n\n</div>"
    },
    {
      "text": "What We're Looking For",
      "content": "<div><strong>Data Loss Prevention</strong>\n\n<li>Deep, working knowledge of DLP architecture: endpoint agents, network inspection, cloud API integrations, policy engines, and content-aware detection across structured and unstructured data.</li>\n<li>Hands-on experience investigating and detecting data exfiltration across the full kill chain — from reconnaissance and staging through exfiltration via web, email, removable media, and cloud sync channels.</li>\n<li>Familiarity with common evasion techniques (encoding, steganography, covert channels, cloud storage abuse) and, critically, what they leave behind.</li>\n<li>Experience building and maturing DLP programs: classification taxonomies, policy tiering by data sensitivity, incident workflow design, and false-positive reduction methodologies.</li>\n\n<strong>Data Security Fundamentals</strong>\n\n<li>Thorough understanding of data security architecture: content inspection techniques, regular expression and fingerprinting-based detection, optical character recognition (OCR) for image-based data, and contextual policy enforcement.</li>\n<li>Ability to assess data flows across complex environments — SaaS, IaaS, on-premises, and hybrid — and identify where controls are absent or insufficient.</li>\n<li>Proficiency with log analysis and forensic investigation tools to reconstruct data movement and user behavior across endpoints and network infrastructure.</li>\n<li>Experience building telemetry pipelines and detections on top of raw DLP event data beyond out-of-the-box vendor alerting.</li>\n\n<strong>Detection &amp; Response</strong>\n\n<li>Proven track record writing high-fidelity detection logic for data exfiltration and insider threat scenarios, not just tuning vendor signatures.</li>\n<li>Experience leading complex incident response investigations involving insider threats, compromised credentials being used to stage and exfiltrate data, or sophisticated external actors.</li>\n<li>Strong forensic fundamentals across endpoint artifacts, network captures, and cloud audit logs relevant to data movement investigations.</li>\n\n</div>"
    },
    {
      "text": "What We Value",
      "content": "<div>\n\n<li>Experience with cloud-native data security controls across major IaaS and SaaS platforms, and hybrid architectures that span on-premises and cloud data stores.</li>\n<li>Prior work in insider threat programs, adversary simulation, or offensive security research — especially focused on data exfiltration tradecraft.</li>\n<li>Public contributions: conference talks, blog posts, or open-source tooling related to data protection or insider threat detection.</li>\n\n</div>"
    },
    {
      "text": "What We Require",
      "content": "<div>\n\n<li>5+ years of hands-on security experience, with the majority focused on data loss prevention, data protection, or insider threat programs.</li>\n<li>Proficiency in Python or a scripting language of your choice for detection development, policy automation, and forensic tooling.</li>\n<li>Active TS/SCI security clearance, or eligibility and willingness to obtain one.</li>\n<li>A portfolio of real work: policies you've designed, detections you've written, investigations you've led, or programs you've built.</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1776284548973,
  "updatedAt": null,
  "categories": {
    "team": "Information Security",
    "location": "Washington, D.C.",
    "commitment": "Full-time",
    "allLocations": [
      "Washington, D.C."
    ]
  },
  "salaryRange": null,
  "workplaceType": "hybrid"
}