Remotery

Senior Technical Data Security Architect

Posted May 22

This is a fully remote position, open to applicants in California.

📋 Description

• Create and sustain comprehensive data security architecture spanning Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform.

• Establish and uphold enterprise data classification, labeling, and handling protocols in accordance with Microsoft Purview Information Protection.

• Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers.

• Facilitate threat modeling sessions for data pipelines and analytics workloads, proactively identifying and addressing risks.

• Implement a Zero Trust data security framework across all data platforms and integration points.

• Design and oversee data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security.

• Formulate role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL.

• Operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data environments.

• Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure.

• Supervise encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest/data-in-transit encryption standards.

• Collaborate with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication.

• Lead the deployment and refinement of Microsoft Defender for Cloud data security posture management (DSPM) capabilities.

• Architect and establish Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, encompassing metastore design, catalog/schema/table-level permissions, and row/column-level security.

• Design security for Databricks workspaces including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists.

• Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID.

• Implement dynamic data masking and column-level security policies within Unity Catalog to safeguard PII, PHI, and sensitive financial data.

• Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies through Databricks system tables.

• Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes.

• Conduct security evaluations of MLflow models and Feature Store configurations to mitigate data leakage risks in ML pipelines.

• Ensure data platform compliance with applicable regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS.

• Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms.

• Perform routine security risk assessments, gap analyses, and maturity evaluations of the data security program.

• Develop and maintain security runbooks, policies, and standards documentation for data platform operations.

• Coordinate with legal, compliance, and privacy teams to address data subject access requests (DSARs) and regulatory inquiries.

• Act as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle.

• Lead security architecture review boards for new data projects, third-party data integrations, and significant platform changes.

• Create and guide a structured mentoring program for junior and mid-level engineers and architects, offering one-on-one coaching, career guidance, and tailored skills development roadmaps.

• Organize regular knowledge-sharing sessions, lunch-and-learns, and internal workshops to enhance team skills regarding evolving data security threats, tools, and compliance requirements within the Microsoft and Databricks ecosystems.

• Collaborate with engineering managers and HR to establish data security competency frameworks, leveling guides, and certification pathways that promote talent development and retention across the data platform organization.

• Build and sustain a community of practice around data security, encouraging peer learning, a documentation culture, and cross-team collaboration on common security challenges and architectural patterns.

• Work with SecOps and SOC teams to create data-specific detection rules, incident response playbooks, and forensic investigation capabilities.

• Present security posture, risk findings, and remediation strategies to executive leadership and board-level stakeholders.


⛳️ Requirements

• Over 5 years of experience in data engineering, data architecture, or information security, with at least 5 years dedicated to data security architecture.

• Extensive hands-on expertise with Microsoft Azure data services: Azure Data Lake Storage Gen2, Azure Synapse Analytics, Azure Data Factory, Azure SQL Database, and Microsoft Fabric.

• Proven experience in designing and implementing Databricks Unity Catalog, including workspace federation, metastore design, and fine-grained access control.

• Strong proficiency in Microsoft Purview, including data map configuration, classification rules, sensitivity labels, and policy enforcement.

• Expert-level knowledge of Azure identity and access management: Entra ID, Managed Identities, Conditional Access, PIM, and service principal governance.

• Practical experience with Azure Key Vault, customer-managed encryption keys, and secrets management integration with data platforms.

• Comprehensive understanding of data governance frameworks and data security principles including Zero Trust, least privilege, and data minimization.

• Experience with regulatory compliance programs (GDPR, CCPA, HIPAA, SOC 2, PCI-DSS) as they relate to data platforms.

• Proficiency in SQL and at least one programming/scripting language (Python, PySpark, PowerShell, or Terraform) utilized for security automation.

• Exceptional written and verbal communication skills, capable of conveying complex security concepts to both technical and non-technical audiences.

• Demonstrated experience securing data workloads across multi-cloud environments (Azure, AWS, and/or GCP), including cross-cloud data governance, identity federation, and consistent application of security policies across diverse cloud estates.

• Practical experience with Snowflake data security, including Snowflake RBAC/DAC models, column-level and row-level security policies, dynamic data masking, network policies, Private Link configuration, and Snowflake Data Sharing governance controls.

• Proven ability to support presales activities, including leading technical discovery sessions, contributing to RFP/RFI responses, delivering solution demonstrations, and drafting security architecture sections for client-facing proposals and statements of work.


🏝️ Benefits

• Primarily remote workforce (U.S. based only, some travel may be necessary for certain roles, and on-site work may be required for Federal positions).

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint covers 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans (spouse/children/family). If you opt for the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options).

• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans.

• 12 corporate holidays and a Flexible Time Off (FTO) program.

• Healthy allowance for mobile phone and home internet.

• Eligibility for retirement plan after 2 months during open enrollment.

• Pet Benefit Option.

People also viewed

Maze4 days ago

Security Research Lead

EuropeFull-timeCybersecurity / Security Engineer
ApplyView job
Longbow Advantage4 days ago

Head of Infrastructure, Security

CA flagCanada OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Casas Bahia Tecnologia5 days ago

Endpoint Security & PAM Specialist

Anywhere in the WorldFull-timeCybersecurity / Security Engineer
ApplyView job
Switzerland Global Enterprise5 days ago

Staff Auditor – Digital Technology, Cybersecurity

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$104.5k – $174k/year
ApplyView job
Lincoln Financial5 days ago

Claims Examiner II – Social Security

US flagConnecticut, +3 more statesFull-timeCybersecurity / Security Engineer$23 – $31/hour
ApplyView job
Ensono6 days ago

Senior Security Engineer

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer$112k – $130k/year
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers