Data Loss Prevention (DLP) Analyst at Nightfall AI | Torre

Data Loss Prevention (DLP) Analyst

You'll safeguard sensitive data for leading enterprises, shaping the future of AI-native data protection.
Full-time

Legal agreement: Employment

Provide your expected compensation while applying
Remote (for United States residents)
Shared by
Emma of Torre.ai
9 days ago

Requirements and responsibilities


About Nightfall:

Nightfall is the AI-native, unified data loss prevention and insider risk management platform that protects sensitive data across SaaS apps, GenAI tools, email, endpoint devices, and more. Hundreds of customers, spanning AI innovators to top 10 banks, trust Nightfall to detect and stop data exfiltration at scale. Nightfall enables organizations to innovate freely without the risks of losing intellectual property or exposing customer data. Our agentic platform helps security teams regain their time by putting data loss prevention on autopilot. With automatic remediation, security violations can be resolved automatically before they become incidents, and end-users can be automatically trained and coached in the moment to self-heal violations that they introduce.

Nightfall is backed by leading VC firms including Bain Capital Ventures (Enrique Salem - former CEO of Symantec), Venrock (early investors in Cloudflare), WestBridge Capital, Pear VC (early investors in Dropbox and Doordash), and a cadre of cybersecurity leaders including Frederic Kerrest (founder of Okta), Maynard Webb (former COO of eBay), Ryan Carlson (President of Chainguard), Kevin Mandia (founder of Mandiant), and many others.

About the role:

As a DLP Analyst at Nightfall, you'll be at the forefront of protecting our customers' most sensitive data. You'll become an expert on Nightfall's DLP platform, working directly with security teams to operationalize data loss prevention across their organizations. This is a hands-on role that combines technical depth, investigative skills, and customer obsession to help enterprises detect, investigate, and prevent data exfiltration incidents while maintaining employee productivity.

You'll work closely with customers' security operations teams to monitor data movement, investigate alerts, tune detection policies, and provide strategic guidance on insider threat mitigation. This role requires someone who can balance technical precision with business judgment - understanding when an alert represents a genuine security incident versus legitimate business activity.

Key Responsibilities

Alert Monitoring & Incident Response

- Monitor and analyze DLP alerts across endpoint, browsers, SaaS, and AI applications to identify potential data exfiltration events, policy violations, and insider threats
- Conduct real-time triage of security alerts, distinguishing between true positives and false positives using behavioral context, data lineage analysis and sensitive findings
- Perform detailed forensic investigations into data loss incidents, analyzing user activity, data movement patterns, and exfiltration vectors (email, web uploads, removable storage, print, source code exfiltration, desktop apps, GenAI apps, etc.)
- Understand and follow incident response processes and escalation procedures, coordinating with customer incident response teams on high-severity cases
- Document investigation findings, evidence trails, and remediation recommendations with clear, actionable reports

Policy Development & Optimization

- Configure and maintain DLP policies based on customer data classification schemes, compliance requirements (GDPR, HIPAA, PCI-DSS, SOX), and business objectives
- Continuously tune detection rules and sensitivity thresholds to reduce false positives while maintaining high detection accuracy
- Identify patterns in alert data to recommend new use cases, detection methods, and policy improvements
- Work with customers to develop custom detection policies for industry-specific sensitive data types and unique organizational requirements
- Establish baselines for normal user behavior by role, department, and geography to improve anomaly detection

Customer Collaboration & Advisory

- Serve as a trusted technical advisor and subject matter expert on data protection, DLP best practices, and insider threat management
- Conduct regular operational reviews with customers to share insights on data risk trends, policy effectiveness, and program maturity
- Educate customer security teams on using Nightfall's platform effectively, including investigation workflows, reporting capabilities, onboarding and deployment best practices
- Understand customer business context to deliver relevant, actionable security guidance - not just alerts, but answers to "why this matters" and "what to do next"

Platform Administration & Technical Support

- Administer Nightfall's DLP solution including agent deployment, policy configuration, integration setup, and performance monitoring
- Troubleshoot technical issues with endpoint agents, browser extensions, SaaS integrations
- Work with Nightfall engineering teams to report bugs, provide product feedback, and contribute to feature development based on customer needs
- Stay current on Nightfall platform updates, new capabilities, and best practices to maximize value for customers
- Coordinate with internal teams (Sales Engineering, Customer Success, Product) to ensure successful customer outcomes

Threat Intelligence & Research

- Stay informed about emerging insider threat trends, data exfiltration techniques, and adversary tactics, techniques, and procedures (TTPs)
- Analyze external DLP market developments and competitive intelligence to inform customer guidance
- Contribute to Nightfall's insider risk intelligence by documenting novel attack patterns, evasion techniques, and detection methods

Reporting & Metrics

- Compile and deliver executive-level reports with clear metrics, data visualizations, and risk assessments
- Track key performance indicators: detection accuracy, false positive rates, mean time to detect/respond, policy coverage, data at risk
- Provide business impact analysis showing how DLP program prevents data loss, supports compliance, and enables secure business operations
- Develop recommendations for continuous program improvement based on operational data and industry benchmarks

What You Need

Required Experience & Skills

- 3-5 years of experience in information security, with at least 2 years focused on data loss prevention (DLP), insider threat, or data protection technologies
- Hands-on experience with DLP tools (e.g., Forcepoint, Symantec, McAfee, Digital Guardian, Microsoft Purview, or other enterprise DLP solutions)
- Proven DLP administration skills: configuring policies, tuning detection rules, managing agents, generating reports, and performing incident investigations
- Strong understanding of data classification methodologies, sensitive data types (PII, PHI, PCI, IP, credentials), and regex/pattern matching for content inspection
- Experience with incident response processes, forensic investigation techniques, and security event escalation workflows
- Knowledge of compliance frameworks and regulations: GDPR, HIPAA, PCI-DSS, SOX, and their data protection requirements

Technical Proficiency

- Strong analytical skills - ability to analyze complex, multivariate security problems and use systematic approaches to reach resolution
- Experience with SIEM platforms, SOAR tools, or log analysis software (Splunk, ELK, Tines, etc.)
- Familiarity with User and Entity Behavior Analytics (UEBA) and behavioral risk indicators
- Understanding of endpoint security, including macOS, Windows, and browser platforms
- Knowledge of SaaS security, CASB solutions, and cloud application architectures (Office 365, Google Workspace, Slack, GitHub, Salesforce, etc.)
- Basic scripting skills (Python, PowerShell, Bash) for automation and data analysis

Bonus Points

- Prior experience with Nightfall, Cyberhaven, Code42, DTEX, Proofpoint, or similar DLP/insider risk platforms
- Background in Security Operations Center (SOC) operations, threat hunting, or blue team activities
- Knowledge of machine learning/AI-based detection systems and how they improve upon traditional pattern-matching approaches
- Understanding of API security, OAuth flows, and integration architectures for SaaS platforms
- Contributions to security community: blog posts, speaking engagements, open-source projects, or threat research

Environment

Nightfall AI takes pride in being an equal-opportunity employer. We value a diverse and global talent pool and the collaboration that results from having a diverse and inclusive team. All applicants will be considered for employment without attention to race, color, religion