Job Description

The Security Engineer – Insider Threat & Data Protection (DLP) is responsible for implementing, managing, and enhancing data protection and insider threat detection technologies that safeguard Mattel’s global enterprise. This role focuses on the design, deployment, and optimization of DLP solutions and insider threat monitoring tools to prevent data misuse and unauthorized access to sensitive information. The ideal candidate combines technical expertise with analytical and investigative skills to detect, respond to, and mitigate insider risks while maintaining trust, privacy, and compliance across the organization.

Roles and Responsibilities

• Implement and manage enterprise Data Loss Prevention (DLP) and insider threat detection platforms across Mattel’s global environments.

• Develop, refine, and maintain DLP and insider threat policies, rulesets, and controls to detect and prevent data exfiltration or misuse.

• Integrate DLP and insider threat systems with identity management, SIEM, and cloud security tools to enhance correlation and visibility.

• Collaborate with Legal, HR, and Compliance teams to ensure monitoring aligns with ethical, privacy, and regulatory requirements.

• Analyze user activity and alerts to identify abnormal or risky behaviors indicative of potential insider threats.

• Investigate incidents related to data misuse, exfiltration, or leakage, ensuring accurate documentation and timely escalation.

• Develop dashboards and performance metrics to measure data protection efficacy and program maturity.

• Collaborate with IT, Infrastructure, and Security Operations teams to enable secure collaboration and data exchange across enterprise systems.

• Maintain up-to-date documentation, playbooks, and standard operating procedures (SOPs) for DLP operations and insider threat response.

• Evaluate new data protection and user behavior analytics tools to strengthen detection, prevention, and automation capabilities.

• Ensure DLP systems and insider threat tools are maintained within defined SLAs and operational best practices.

• Participate in incident reviews, lessons-learned sessions, and continuous improvement initiatives to enhance data security posture.

• Stay informed on evolving data protection regulations, frameworks, and technologies to align enterprise controls with industry standards.

Skills and Qualifications

Required:

• 3–5 years of experience in security engineering, data protection, or insider threat monitoring within enterprise environments.

• Hands-on experience managing Data Loss Prevention (DLP) and insider threat detection platforms across endpoints, email, cloud, and network layers.

• Strong understanding of data classification, data handling policies, and access control methodologies.

• Knowledge of endpoint, network, and cloud DLP technologies and their integration within enterprise systems.

• Experience analyzing user activity and data movement to identify anomalous or suspicious behavior.

• Familiarity with data protection regulations including GDPR, CCPA, and global privacy are the best practices.

• Proficiency in scripting and automation (Python, PowerShell, or similar) for tuning policies and managing alerts.

• Ability to collaborate across Legal, HR, Compliance, and IT functions to align insider threat activities with organizational priorities.

• Excellent analytical, problem-solving, and communication skills with a strong investigative mindset.

• Adaptable and detail-oriented with the ability to manage sensitive investigations discreetly in a fast-paced global environment.

Preferred:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent experience).

• Certifications such as GCITP, CCITP, CDPSE, or other data protection and insider threat credentials.

• Experience with CASB solutions, cloud data protection tools, Microsoft 365 and Google Workspace DLP modules.

• Understanding of the MITRE ATT&CK framework for insider threat and data exfiltration use cases.

• Experience automating DLP reporting and integrating user behavior analytics for enhanced visibility.

• Knowledge of forensics processes for investigating insider-driven incidents and data breaches.