Senior Data Protection Engineer (Trellix)

Barbaricum is a rapidly growing government contractor providing leading-edge support to federal customers, with a particular focus on Defense and National Security mission sets. We leverage more than 17 years of support to stakeholders across the federal government, with established and growing capabilities across Intelligence, Analytics, Engineering, Mission Support, and Communications disciplines. Founded in 2008, our mission is to transform the way our customers approach constantly changing and complex problem sets by bringing to bear the latest in technology and the highest caliber of talent.

Headquartered in Washington, DC's historic Dupont Circle neighborhood, Barbaricum also has a corporate presence in Tampa, FL, Bedford, IN, and Dayton, OH, with team members across the United States and around the world. As a leader in our space, we partner with firms in the private sector, academic institutions, and industry associations with a goal of continually building our expertise and capabilities for the benefit of our employees and the customers we support. Through all of this, we have built a vibrant corporate culture diverse in expertise and perspectives with a focus on collaboration and innovation. Our teams are at the frontier of the Nation's most complex and rewarding challenges. Join our team.

Barbaricum is seeking a Data Protection Engineer specializing in Trellix DLP to support endpoint security within classified USSOCOM environments. This role will design and administer endpoint data protection policies to prevent unauthorized data exfiltration across sensitive networks.

The selected candidate will implement and maintain enterprise endpoint DLP tools to protect sensitive data and enforce device control policies within classified network environments.

Responsibilities:

• Design and implement Trellix DLP Endpoint policies using ePolicy Orchestrator (ePO).
  • Configure device control and data transfer policies across classified workstations.
  • Develop custom data detection rules and regex-based identifiers for identifying sensitive information.
  • Manage policy deployment and updates within air-gapped network environments.
  • Integrate endpoint DLP with enterprise security systems including proxy inspection tools and secure file transfer platforms.
  • Investigate and triage DLP alerts and incidents in coordination with SOC teams.
  • Support log integration with enterprise monitoring platforms such as Splunk.

Required Qualifications:

• Active DoD Top Secret clearance with SCI eligibility.
  • Master’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
  • 10+ years of relevant technical experience.
  • Extensive hands-on experience administering Trellix (McAfee) ePolicy Orchestrator (ePO) and DLP Endpoint solutions.
  • Strong expertise implementing device control policies for removable media and peripheral devices.
  • Experience creating custom detection logic using regex and classification rules.
  • Ability to troubleshoot endpoint security agent conflicts and system performance issues.

Preferred Qualifications:

• Experience operating security systems within air-gapped or classified environments (e.g., JWICS or SAP networks).
  • Knowledge of Trellix Endpoint Security (ENS), Threat Intelligence Exchange (TIE), or Data Exchange Layer (DXL).
  • Familiarity with data classification platforms and integrations such as Kiteworks or Boldon James.
  • Experience using Splunk for security monitoring and log analysis.

Certifications:

• Required: CompTIA Security+ CE (DoD 8570 IAT Level II).
  • Preferred: Trellix Certified Specialist – Data Loss Prevention (DLP) or equivalent certification.

EEO Commitment

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.