ProofPoint Email Security Engineer

Key Responsibilities

• Deploy, and scale Proofpoint Email Protection, TAP (Targeted Attack Protection), and DLP modules across the enterprise.
• Design mail flow topologies, routing rules, and failover configurations for high availability and resilience.
• Engineer email authentication infrastructure (SPF, DKIM, DMARC) including policy enforcement and ongoing alignment validation.

DLP Engineering

• Develop and maintain sophisticated DLP policies, content classifiers, smart identifiers, and dictionaries to protect sensitive data (PII, PCI, PHI, IP).
• Build policy frameworks that balance security controls with business workflow requirements.
• Engineer automated remediation workflows for DLP violations in collaboration with IT and Compliance.
• Define data classification schemas and integrate them into enforcement logic within Proofpoint.

Integrations & Automation

• Build and maintain integrations between Proofpoint and downstream systems - SIEM (XSIAM), SOAR platforms, ticketing systems (ServiceNow, Jira), and threat intelligence feeds.
• Develop automation pipelines using Proofpoint APIs and scripting (Python, PowerShell) to streamline alert triage, reporting, and policy management.
• Integrate Proofpoint with Microsoft 365 / Google Workspace environments, including hybrid mail flow configurations.

Cross-functional Collaboration

• Partner with Security Architecture, SOC, and Compliance to ensure email security controls meet regulatory and business requirements (GDPR, HIPAA, SOX, CCPA).
• Provide engineering guidance during audits, RFPs, and third-party assessments.
• Mentor junior security team members on email security concepts and platform internals.

Preferred Qualifications

• 5+ years of experience in security engineering, with significant hands-on ownership of Proofpoint in an enterprise environment.
• Experience with Proofpoint TAP, TRAP, CASB, or Proofpoint Information and Cloud Security (PICS).
• Proofpoint Certified Administrator or Engineer certification.
• Experience with Microsoft 365 Defender for Office 365 or Google Workspace security in hybrid environments.
• Familiarity with cloud-native security architectures (AWS SES, Azure Communication Services).
• Exposure to zero-trust email security models and advanced header analysis.
• Security certifications: CISSP, GCIA, GPEN, or equivalent.

Work model

Hybrid

We strive to provide flexibility wherever possible. Based on this role's business requirements, this is a hybrid position open to qualified applicants in Canada. Regardless of your working arrangement, we are here to support a healthy work-life balance though our various wellbeing programs.

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you're engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.

Please note, this role is not able to offer visa transfer or sponsorship now or in the future

Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.