Sr Cyber Security Engineer-Data Security
Staples
Staples is business to business. You’re what binds us together.
Our digital solutions team is more than a traditional IT organization. We are passionate, collaborative, agile, inventive, and customer-centric problem solvers. We thrive on intellectual curiosity and embrace technological advancements to drive Staples forward. By anticipating the needs of our customers and business partners, we deliver reliable, customer-focused technology services that empower business growth.
The Senior Cybersecurity Engineer – Data Security is responsible for designing, implementing, and operating advanced data protection controls that safeguard sensitive information across on-premises environments, cloud platforms, and SaaS applications. This role focuses on enterprise data discovery, classification, data loss prevention (DLP), and emerging AI-related data protection risks. You will collaborate closely with cross-functional teams—including cloud engineering, endpoint, identity, legal, privacy, and compliance—to ensure data governance and security controls are aligned with regulatory requirements, business needs, and evolving usage patterns. This is a high-impact role requiring deep technical expertise, analytical skills, and the ability to design scalable solutions that reduce the risk of data exposure and misuse.
What you’ll be doing:
Data Discovery & Classification:
- Lead enterprise-wide discovery and classification of sensitive data across file shares, databases, endpoints, cloud storage, and SaaS platforms.
- Design and implement automated classification strategies using content inspection, metadata analysis, and machine‑learning techniques.
- Maintain classification schemas aligned to corporate policies and regulatory frameworks (PCI, SOX, NIST, HIPAA where applicable).
- Partner with data owners to validate classification accuracy and continuously refine detection logic and tuning.
Data Loss Prevention (DLP):
- Architect, deploy, and manage DLP capabilities across endpoints, email, collaboration tools, cloud applications, and web traffic.
- Implement and operate Microsoft Purview DLP, including sensitivity labeling and integrations with Exchange, SharePoint, OneDrive, Teams, and endpoint enforcement.
- Evaluate and integrate additional DLP and DSPM solutions as needed.
- Develop and maintain detection rules, risk‑based policies, alerting, and dashboards to monitor data movement and potential exfiltration.
- Triage DLP events, investigate false positives, and partner with business stakeholders to balance control strength with productivity.
AI & Emerging Data Protection:
- Define and operationalize data protection controls for generative AI and LLM‑based platforms (Copilot, chat-based tools, third‑party AI services).
- Assess risks related to AI data ingestion, training, prompting, and output handling.
- Implement safeguards to prevent sensitive data from being exposed to unauthorized AI models or external services.
- Stay current on evolving AI security threats, regulations, and industry best practices.
Security Engineering & Architecture:
- Design resilient, scalable data protection architectures across hybrid and cloud environments.
- Integrate data security controls with identity, endpoint protection, CASB/SSE, SIEM, and other monitoring platforms.
- Contribute to enterprise security standards, patterns, and reference architectures.
- Support secure adoption of new technologies and business initiatives involving sensitive information.
Incident Response, Monitoring & Compliance:
- Investigate data security incidents, including analysis of DLP events, forensic support, and remediation recommendations.
- Produce documentation and evidence for audits, assessments, and regulatory inquiries.
- Develop metrics and reporting on DLP effectiveness, data exposure trends, and risk reduction outcomes.
- Participate in tabletop exercises and drive continuous improvement of data security processes.
What you bring to the table:
- Strong analytical and problem-solving skills with the ability to diagnose complex and novel scenarios.
- Ability to influence, negotiate, and drive consensus across diverse stakeholders.
- Excellent written and verbal communication skills and a high level of initiative and ownership.
- Adaptability to shifting priorities and emerging technologies, plus strong organizational skills to manage multiple projects simultaneously.
What’s needed - Basic Qualifications:
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field or equivalent work experience.
- 7+ years of progressively responsible experience in cybersecurity, data protection, or information security engineering.
- 3+ years of hands-on experience with DLP technologies (e.g., MS Purview), endpoint/network DLP platforms (e.g., MS Defender, CrowdStrike).
- Demonstrated experience designing or operating data classification programs.
- Hands-on experience integrating data security controls with identity and endpoint security platforms.
- Experience supporting hybrid environments (on-premises and cloud).
- Knowledge of regulatory frameworks (PCI, NIST).
- Ability to operate independently and lead mid- to large-scale technical initiatives.
What’s needed - Preferred Qualifications:
- Experience with Data Security Posture Mgmt. (DSPM) tools (e.g., BigID, Netskope, Varonis, Concentric AI, Securiti, Sentra, Cyera).
- Experience securing generative AI or LLM-based platforms.
- Microsoft Purview Information Protection or Security certifications.
- CISSP, CISM, CCSP, or GIAC-related cybersecurity certifications.
- Experience scripting or automating workflows (PowerShell, Python).
- Experience leading data security architecture design in large enterprises.
- Experience with Cloud Access Security Broker (CASB)/Security Service Edge (SSE) platforms and cloud security frameworks.
We Offer:
- Inclusive culture with associate-led Business Resource Groups
- 22 days of PTO and Holiday Schedule (7 observed paid holidays + 1 floating holiday)
- Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
The salary range represents the expected compensation for this role at the time of posting. The specific base pay may be influenced by a variety of factors to include the candidate's experience, skill set, education, geography, business considerations, and internal equity. In addition to base pay, this role may be eligible for bonuses, or other forms of variable compensation.
Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, age, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.