
Senior Technical Data Security Architect
Posted May 22

Posted May 22
This is a fully remote position, open to applicants in California.
• Create and sustain comprehensive data security architecture spanning Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform.
• Establish and uphold enterprise data classification, labeling, and handling protocols in accordance with Microsoft Purview Information Protection.
• Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers.
• Facilitate threat modeling sessions for data pipelines and analytics workloads, proactively identifying and addressing risks.
• Implement a Zero Trust data security framework across all data platforms and integration points.
• Design and oversee data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security.
• Formulate role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL.
• Operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data environments.
• Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure.
• Supervise encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest/data-in-transit encryption standards.
• Collaborate with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication.
• Lead the deployment and refinement of Microsoft Defender for Cloud data security posture management (DSPM) capabilities.
• Architect and establish Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, encompassing metastore design, catalog/schema/table-level permissions, and row/column-level security.
• Design security for Databricks workspaces including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists.
• Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID.
• Implement dynamic data masking and column-level security policies within Unity Catalog to safeguard PII, PHI, and sensitive financial data.
• Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies through Databricks system tables.
• Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes.
• Conduct security evaluations of MLflow models and Feature Store configurations to mitigate data leakage risks in ML pipelines.
• Ensure data platform compliance with applicable regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS.
• Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms.
• Perform routine security risk assessments, gap analyses, and maturity evaluations of the data security program.
• Develop and maintain security runbooks, policies, and standards documentation for data platform operations.
• Coordinate with legal, compliance, and privacy teams to address data subject access requests (DSARs) and regulatory inquiries.
• Act as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle.
• Lead security architecture review boards for new data projects, third-party data integrations, and significant platform changes.
• Create and guide a structured mentoring program for junior and mid-level engineers and architects, offering one-on-one coaching, career guidance, and tailored skills development roadmaps.
• Organize regular knowledge-sharing sessions, lunch-and-learns, and internal workshops to enhance team skills regarding evolving data security threats, tools, and compliance requirements within the Microsoft and Databricks ecosystems.
• Collaborate with engineering managers and HR to establish data security competency frameworks, leveling guides, and certification pathways that promote talent development and retention across the data platform organization.
• Build and sustain a community of practice around data security, encouraging peer learning, a documentation culture, and cross-team collaboration on common security challenges and architectural patterns.
• Work with SecOps and SOC teams to create data-specific detection rules, incident response playbooks, and forensic investigation capabilities.
• Present security posture, risk findings, and remediation strategies to executive leadership and board-level stakeholders.
• Over 5 years of experience in data engineering, data architecture, or information security, with at least 5 years dedicated to data security architecture.
• Extensive hands-on expertise with Microsoft Azure data services: Azure Data Lake Storage Gen2, Azure Synapse Analytics, Azure Data Factory, Azure SQL Database, and Microsoft Fabric.
• Proven experience in designing and implementing Databricks Unity Catalog, including workspace federation, metastore design, and fine-grained access control.
• Strong proficiency in Microsoft Purview, including data map configuration, classification rules, sensitivity labels, and policy enforcement.
• Expert-level knowledge of Azure identity and access management: Entra ID, Managed Identities, Conditional Access, PIM, and service principal governance.
• Practical experience with Azure Key Vault, customer-managed encryption keys, and secrets management integration with data platforms.
• Comprehensive understanding of data governance frameworks and data security principles including Zero Trust, least privilege, and data minimization.
• Experience with regulatory compliance programs (GDPR, CCPA, HIPAA, SOC 2, PCI-DSS) as they relate to data platforms.
• Proficiency in SQL and at least one programming/scripting language (Python, PySpark, PowerShell, or Terraform) utilized for security automation.
• Exceptional written and verbal communication skills, capable of conveying complex security concepts to both technical and non-technical audiences.
• Demonstrated experience securing data workloads across multi-cloud environments (Azure, AWS, and/or GCP), including cross-cloud data governance, identity federation, and consistent application of security policies across diverse cloud estates.
• Practical experience with Snowflake data security, including Snowflake RBAC/DAC models, column-level and row-level security policies, dynamic data masking, network policies, Private Link configuration, and Snowflake Data Sharing governance controls.
• Proven ability to support presales activities, including leading technical discovery sessions, contributing to RFP/RFI responses, delivering solution demonstrations, and drafting security architecture sections for client-facing proposals and statements of work.
• Primarily remote workforce (U.S. based only, some travel may be necessary for certain roles, and on-site work may be required for Federal positions).
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint covers 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans (spouse/children/family). If you opt for the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options).
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans.
• 12 corporate holidays and a Flexible Time Off (FTO) program.
• Healthy allowance for mobile phone and home internet.
• Eligibility for retirement plan after 2 months during open enrollment.
• Pet Benefit Option.
Longbow Advantage
Casas Bahia Tecnologia
Switzerland Global Enterprise
Get handpicked remote jobs straight to your inbox weekly.