Data Security Engineer (DRM Specialist) Senior, Zero Trust P

TopSecret AND Device.State = Compliant"). Key Management: Manage the lifecycle of encryption keys (Bring Your Own Key - BYOK, Customer Managed Keys) ensuring FIPS 140-2/3 compliance and availability across hybrid and air-gapped environments. Secure Collaboration: Configure advanced DRM features such as SafeVIEW and SafeEDIT in Kiteworks to allow users to view and edit sensitive documents in a secure, containerized stream without the data ever leaving the controlled repository. Policy Enforcement: Define and enforce "Rights Management" controls, specifically preventing actions like Copy/Paste, Screen Capture, and Printing for documents tagged with specific sensitivity labels (e.g., CUI, Secret/NoForn). Requirements Qualifications Minimum Clearance Required to Start Active Top-Secret clearance with SCI eligibility. Education Senior Level: Master of Science (MS) degree in Cybersecurity, Computer Science, Mathematics (Cryptography focus), or a related technical field. Required Experience & Skills ("Must-Haves") Senior Level: 10+ years of related technical experience. DRM Expertise: Extensive hands-on experience (5+ years) designing and administering Enterprise Digital Rights Management (EDRM) or Information Rights Management (IRM) systems, specifically Kiteworks, Microsoft Azure Information Protection (AIP/RMS), or Virtru. Encryption Standards: Deep understanding of cryptographic protocols (AES-256, RSA), Public Key Infrastructure (PKI), and Key Management Service (KMS) operations. Policy Logic: Proven ability to design complex Attribute-Based Access Control (ABAC) logic and Conditional Access policies. Cross-Domain Knowledge: Understanding of how encryption travels across Cross-Domain Solutions (CDS) and the challenges of key management in air-gapped networks. Preferred Experience & Skills ("Nice-to-Haves") Experience with Hardware Security Modules (HSM) (e.g., Thales, Entrust). Knowledge of NIST SP 800-53 controls related to System and Information Integrity (SI) and Media Protection (MP). Experience integrating DRM tools with SailPoint for identity attribute consumption. Kiteworks Administrator Certification. Certifications Required: CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements. Preferred: Microsoft Information Protection Administrator (SC-400). Preferred: Certified Information Systems Security Professional (CISSP). Equal Opportunity Employer, including disability and protected veteran status group id: 10327226 Apply now