The Senior Security Operations Engineer is responsible for designing, implementing, and improving Data Loss Prevention (DLP) protections across Included Health's corporate and cloud environments. You will lead hands-on deployment and tuning of DLP controls, including endpoint, network, and SaaS. You will investigate and respond to potential data exfiltration events. Additionally, you will drive remediation and hardening based on real-world incidents and detections.
You will own the operational lifecycle of our DLP stack. It involves building and refining policies, partnering with stakeholders to validate business-safe controls, automating response playbooks, and turning signal from alerts and logs into durable security improvements. You will also contribute to adjacent security operations functions, including incident response and vulnerability management, where they intersect with data protection.
You will play a crucial role within the Security Engineering team, reporting directly to the Senior Manager, Security Engineering. This is a remote role.
Responsibilities:
Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling.
Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data.
Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements.
Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond.
Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals.
Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data-handling patterns and exception processes.
Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication.
Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross-functional partners.
Qualifications:
Minimum 5+ years of hands-on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP.
Direct, hands-on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment.
Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls.
Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel).
Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale.
Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data-focused incidents.
Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling.
Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types.
Physical/Cognitive Requirements:
Capability to remain seated in a stationary position for prolonged periods.
Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
Capability to work with leadership, employees, and members in an appropriate manner.
The United States new hire base salary target ranges for this full-time position are:
Zone A: $138,380 - $195,470 + equity + benefits
Zone B: $152,218 - $215,017 + equity + benefits
Zone C: $166,056 - $234,564 + equity + benefits
Zone D: $179,894 - $254,111 + equity + benefits
This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.
Starting base salary for the successful candidate will depend on several job-related factors, unique to each candidate, which may include, but are not limited to, education; training; skill set; years and depth of experience; certifications and licensure; business needs; internal peer equity; organizational considerations; and alignment with geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and competitive compensation based on their roles and locations. Your Recruiter can share details of your geographic alignment upon inquiry.
Benefits & Perks:
In addition to receiving competitive pay, the compensation package may include, depending on the role, the following:
Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
Generous Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
12 weeks of 100% Paid Parental leave
Up to $25,000 Fertility and Family Building Benefit
Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
11 Holidays Paid with one Floating Paid Holiday
Work-From-Home reimbursement to support team collaboration and effective home office work
24 hours of Paid Volunteer Time Off ("VTO") Per Year to Volunteer with Charitable Organizations
Your recruiter will share more about the benefits package for your role during the hiring process.
About Included Health
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law.