Data Loss Prevention (DLP) Analyst

About Nightfall:

Nightfall is the AI-native, unified data loss prevention and insider risk management platform that protects sensitive data across SaaS apps, GenAI tools, email, endpoint devices, and more. Hundreds of customers, spanning AI innovators to top 10 banks, trust Nightfall to detect and stop data exfiltration at scale. Nightfall enables organizations to innovate freely without the risks of losing intellectual property or exposing customer data. Our agentic platform helps security teams regain their time by putting data loss prevention on autopilot. With automatic remediation, security violations can be resolved automatically before they become incidents, and end-users can be automatically trained and coached in the moment to self-heal violations that they introduce.

Nightfall is backed by leading VC firms including Bain Capital Ventures (Enrique Salem - former CEO of Symantec), Venrock (early investors in Cloudflare), WestBridge Capital, Pear VC (early investors in Dropbox and Doordash), and a cadre of cybersecurity leaders including Frederic Kerrest (founder of Okta), Maynard Webb (former COO of eBay), Ryan Carlson (President of Chainguard), Kevin Mandia (founder of Mandiant), and many others.

About the role:

As a DLP Analyst at Nightfall, you'll be at the forefront of protecting our customers' most sensitive data. You'll become an expert on Nightfall's DLP platform, working directly with security teams to operationalize data loss prevention across their organizations. This is a hands-on role that combines technical depth, investigative skills, and customer obsession to help enterprises detect, investigate, and prevent data exfiltration incidents while maintaining employee productivity.

You'll work closely with customers' security operations teams to monitor data movement, investigate alerts, tune detection policies, and provide strategic guidance on insider threat mitigation. This role requires someone who can balance technical precision with business judgment - understanding when an alert represents a genuine security incident versus legitimate business activity.

Key Responsibilities

Alert Monitoring & Incident Response

• Monitor and analyze DLP alerts across endpoint, browsers, SaaS, and AI applications to identify potential data exfiltration events, policy violations, and insider threats

• Conduct real-time triage of security alerts, distinguishing between true positives and false positives using behavioral context, data lineage analysis and sensitive findings

• Perform detailed forensic investigations into data loss incidents, analyzing user activity, data movement patterns, and exfiltration vectors (email, web uploads, removable storage, print, source code exfiltration, desktop apps, GenAI apps etc.)

• Understand and follow incident response processes and escalation procedures, coordinating with customer incident response teams on high-severity cases

• Document investigation findings, evidence trails, and remediation recommendations with clear, actionable reports

Policy Development & Optimization

• Configure and maintain DLP policies based on customer data classification schemes, compliance requirements (GDPR, HIPAA, PCI-DSS, SOX), and business objectives

• Continuously tune detection rules and sensitivity thresholds to reduce false positives while maintaining high detection accuracy

• Identify patterns in alert data to recommend new use cases, detection methods, and policy improvements

• Work with customers to develop custom detection policies for industry-specific sensitive data types and unique organizational requirements

• Establish baselines for normal user behavior by role, department, and geography to improve anomaly detection

Customer Collaboration & Advisory

• Serve as a trusted technical advisor and subject matter expert on data protection, DLP best practices, and insider threat management

• Conduct regular operational reviews with customers to share insights on data risk trends, policy effectiveness, and program maturity

• Educate customer security teams on using Nightfall's platform effectively, including investigation workflows, reporting capabilities, onboarding and deployment best practices

• Understand customer business context to deliver relevant, actionable security guidance - not just alerts, but answers to "why this matters" and "what to do next"

Platform Administration & Technical Support

• Administer Nightfall's DLP solution including agent deployment, policy configuration, integration setup, and performance monitoring

• Troubleshoot technical issues with endpoint agents, browser extensions, SaaS integrations

• Work with Nightfall engineering teams to report bugs, provide product feedback, and contribute to feature development based on customer needs

• Stay current on Nightfall platform updates, new capabilities, and best practices to maximize value for customers

• Coordinate with internal teams (Sales Engineering, Customer Success, Product) to ensure successful customer outcomes

Threat Intelligence & Research

• Stay informed about emerging insider threat trends, data exfiltration techniques, and adversary tactics, techniques, and procedures (TTPs)

• Analyze external DLP market developments and competitive intelligence to inform customer guidance

• Contribute to Nightfall's insider risk intelligence by documenting novel attack patterns, evasion techniques, and detection methods

Reporting & Metrics

• Compile and deliver executive-level reports with clear metrics, data visualizations, and risk assessments

• Track key performance indicators: detection accuracy, false positive rates, mean time to detect/respond, policy coverage, data at risk

• Provide business impact analysis showing how DLP program prevents data loss, supports compliance, and enables secure business operations

• Develop recommendations for continuous program improvement based on operational data and industry benchmarks

What You Need

Required Experience & Skills

• 3-5 years of experience in information security, with at least 2 years focused on data loss prevention (DLP), insider threat, or data protection technologies

• Hands-on experience with DLP tools (e.g., Forcepoint, Symantec, McAfee, Digital Guardian, Microsoft Purview, or other enterprise DLP solutions)

• Proven DLP administration skills: configuring policies, tuning detection rules, managing agents, generating reports, and performing incident investigations

• Strong understanding of data classification methodologies, sensitive data types (PII, PHI, PCI, IP, credentials), and regex/pattern matching for content inspection

• Experience with incident response processes, forensic investigation techniques, and security event escalation workflows

• Knowledge of compliance frameworks and regulations: GDPR, HIPAA, PCI-DSS, SOX, and their data protection requirements

Technical Proficiency

• Strong analytical skills - ability to analyze complex, multivariate security problems and use systematic approaches to reach resolution

• Experience with SIEM platforms, SOAR tools, or log analysis software (Splunk, ELK, Tines etc)

• Familiarity with User and Entity Behavior Analytics (UEBA) and behavioral risk indicators

• Understanding of endpoint security, including macOS, Windows, and browser platforms

• Knowledge of SaaS security, CASB solutions, and cloud application architectures (Office 365, Google Workspace, Slack, GitHub, Salesforce, etc.)

• Basic scripting skills (Python, PowerShell, Bash) for automation and data analysis

Bonus Points

• Prior experience with Nightfall, Cyberhaven, Code42, DTEX, Proofpoint, or similar DLP/insider risk platforms

• Background in Security Operations Center (SOC) operations, threat hunting, or blue team activities

• Knowledge of machine learning/AI-based detection systems and how they improve upon traditional pattern-matching approaches

• Understanding of API security, OAuth flows, and integration architectures for SaaS platforms

• Contributions to security community: blog posts, speaking engagements, open-source projects, or threat research