DLP Analyst
The Security Operations Center is responsible for providing monitoring, detection, and response capabilities for Comerica. This includes event, cloud security, and DLP monitoring, as well as a role in the incident response process. The DLP Analyst serves as a specialist within the SOC for DLP related events, and encompasses the triage, investigation, classification, and escalation of DLP events.

The Data Loss Prevention (DLP) Analyst is responsible for providing monitoring, triage, and investigation capabilities for DLP / Insider Threat events within the Security Operations Center (SOC). The DLP Analyst will also be responsible to mitigate impacts of DLP events, utilizing defined processes and playbooks, and escalate them as required to the appropriate team / leadership if necessary.

Position Responsibilities:

DLP Analysis

• Monitor DLP alerts generated through the ticketing system and DLP technologies to triage, investigate, document, and resolve DLP events, utilizing pre-defined processes and procedures to do so while adhering to Service Level Agreements / Expectations / Objectives.
• Performs monitoring and initial triage of insider threats, documenting analysis results and decisions that are made.
• Collaborates with corporate fraud and cyber fraud teams on investigations.
• Accurately identifies and classifies the DLP events according to criticality.
• Provides support for investigations of incidents involving the theft / exfiltration of sensitive data.
• Performs processing of DLP exception requests using defined processes.

Communication and Administration

• Supports the development and testing of new DLP policies and rule sets by providing continuous feedback to the DLP Engineering team.
• Supports the development and maintenance of documentation related to DLP incidents and exceptions by providing feedback and user input.
• Performs data collection in support of trend analysis and metrics (KPI/KRI).
• Assists in DLP controls testing, audit, and other ad hoc requests as required, with guidance from senior staff and the SOC manager.
• Handles sensitive information in accordance with the Corporate Information Protection Policy.

Preferred Skills

• Understanding of Information Security concepts and frameworks.
• Working knowledge of the use of DLP (e.g. O365, Proofpoint) / SIEM / IT Ticketing technologies (ServiceNow preferred).
• Knowledge of data security, classification, and handling best practices.
• Strong written and oral communication, documentation, organizational, and collaboration skills.
• Rigorous attention to detail and strong analytical capability.

Position Qualifications:

• Bachelor Degree in Computer Science, Engineering, Information Systems or Cyber Security or High School Diploma or GED and 8 years of progressive relevant experience
• 4 years of experience in information security/technology experience
• 3 years of experience in security event triage and investigation with DLP/data protection experience preferred
• 3 years of experience working with DLP capabilities such as data classification and tagging tools, CASB, content filtering and network proxies
• 3 years of experience using standard monitoring, logging, and alerting tools

Preferred Licenses/Certifications

• Foundational Cybersecurity / IT certifications (e.g. Security+, ITIL, ISO 20/27000, CFE, GCIA)