Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security solutions to help cl
Senior Technical Data Security Architect
Location
California
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Senior Technical Data Security Architect
GuidePoint Security
• Design and maintain end-to-end data security architecture across Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform. • Define and enforce enterprise data classification, labeling, and handling standards aligned with Microsoft Purview Information Protection. • Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers. • Lead threat modeling sessions for data pipelines and analytics workloads, identifying and mitigating risks proactively. • Establish a Zero Trust data security model across all data platforms and integration points. • Architect and govern data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security. • Design role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL. • Implement and operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data estates. • Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure. • Oversee encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest / data-in-transit encryption standards. • Partner with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication. • Lead the implementation and tuning of Microsoft Defender for Cloud data security posture management (DSPM) capabilities. • Architect and implement Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, including metastore design, catalog/schema/table-level permissions, and row/column-level security. • Design Databricks workspace security including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists. • Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID. • Implement dynamic data masking and column-level security policies within Unity Catalog to protect PII, PHI, and sensitive financial data. • Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies via Databricks system tables. • Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes. • Conduct security reviews of MLflow models and Feature Store configurations to address data leakage risks in ML pipelines. • Ensure data platform compliance with relevant regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS where applicable. • Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms. • Conduct regular security risk assessments, gap analyses, and maturity evaluations of the data security program. • Develop and maintain security runbooks, policies, and standards documentation for data platform operations. • Coordinate with legal, compliance, and privacy teams to respond to data subject access requests (DSARs) and regulatory inquiries. • Serve as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle. • Lead security architecture review boards for new data initiatives, third-party data integrations, and major platform changes. • Develop and lead a structured mentoring program for junior and mid-level engineers and architects, providing one-on-one coaching, career guidance, and skills development roadmaps tailored to each individual’s growth goals. • Conduct regular knowledge-sharing sessions, lunch-and-learns, and internal workshops to upskill teams on evolving data security threats, tooling, and compliance requirements across the Microsoft and Databricks ecosystems. • Partner with engineering managers and HR to define data security competency frameworks, leveling guides, and certification pathways that support talent development and retention across the data platform organization. • Establish and maintain a community of practice around data security, fostering peer learning, documentation culture, and cross-team collaboration on shared security challenges and architectural patterns. • Collaborate with SecOps and SOC teams to build data-specific detection rules, incident response playbooks, and forensic investigation capabilities. • Present security posture, risk findings, and remediation roadmaps to executive leadership and board-level stakeholders.
Job Requirements
- 5+ years of experience in data engineering, data architecture, or information security, with at least 5 years focused on data security architecture.
- Deep hands-on expertise with Microsoft Azure data services: Azure Data Lake Storage Gen2, Azure Synapse Analytics, Azure Data Factory, Azure SQL Database, and Microsoft Fabric.
- Demonstrated expertise in designing and implementing Databricks Unity Catalog, including workspace federation, metastore design, and fine-grained access control.
- Strong proficiency with Microsoft Purview, including data map configuration, classification rules, sensitivity labels, and policy enforcement.
- Expert-level knowledge of Azure identity and access management: Entra ID, Managed Identities, Conditional Access, PIM, and service principal governance.
- Hands-on experience with Azure Key Vault, customer-managed encryption keys, and secrets management integration with data platforms.
- Solid understanding of data governance frameworks and data security principles including Zero Trust, least privilege, and data minimization.
- Experience with regulatory compliance programs (GDPR, CCPA, HIPAA, SOC 2, PCI-DSS) as applied to data platforms.
- Proficiency in SQL and at least one programming/scripting language (Python, PySpark, PowerShell, or Terraform) used for security automation.
- Strong written and verbal communication skills with the ability to articulate complex security concepts to technical and non-technical audiences.
- Demonstrated experience securing data workloads across multi-cloud environments (Azure, AWS, and/or GCP), including cross-cloud data governance, identity federation, and consistent enforcement of security policies across heterogeneous cloud estates.
- Hands-on experience with Snowflake data security, including Snowflake RBAC/DAC models, column-level and row-level security policies, dynamic data masking, network policies, Private Link configuration, and Snowflake Data Sharing governance controls.
- Proven ability to support presales activities, including leading technical discovery sessions, contributing to RFP/RFI responses, delivering solution demonstrations, and authoring security architecture sections of client-facing proposals and statements of work.
Benefits
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Lead and develop the Security Architecture & Assurance team, setting direction, priorities, and operating standards • Ensure high-quality delivery across architecture reviews, assurance activities, and risk assessments • Build capability across cloud security, application security, and assurance methodologies • Act as the escalation point for complex or high-risk security decisions • Define and enforce secure architecture standards, reference patterns, and mandatory security controls • Review and approve security-relevant designs and major technical changes • Embed security throughout delivery lifecycles rather than as a late-stage control gate • Develop and maintain security standards, architecture principles, and governance frameworks • Drive consistent, risk-aware decision-making and remediation tracking • Identify and assess security risks early within design and delivery processes • Provide pragmatic mitigation strategies balancing security, resilience, cost, and delivery priorities
Head of Security
Label Your Data – Data Annotation & LabelingData annotation & labeling for Computer Vision, NLP & LLMs. Bringing high quality performance for ML teams & datasets.
• Build and develop the company’s security function from the ground up; • Define and implement security processes, policies, and operational standards; • Partner with the group-level security department while establishing independent security ownership within Label Your Data; • Participate in security audits, client security reviews, DPA processes, questionnaires, and compliance-related activities; • Establish and improve access management and security monitoring practices; • Participate in infrastructure and application security initiatives together with technical teams; • Oversee and improve the company’s security stack (EDR, SIEM, VPN/ZTNA, DLP, NGFW, etc.); • Investigate security gaps, operational weaknesses, and incident-related risks; • Validate technical solutions from a security perspective; • Create SOPs, internal security procedures, and operational frameworks; • Own security-related documentation and internal processes; • Shape the future security team, starting with Security Operations / Application Security; • Contribute to long-term security strategy and overall security maturity growth of the company.
Manager, Network Security
Lumin DigitalLumin Digital is a fintech company specializing in cloud native digital banking solutions.
• Build, lead, and mentor a team of senior Network Security Software Engineers — owning the hiring process, setting role expectations, and onboarding engineers into a newly established function. • Define and continuously mature the network security program — establishing policies, standards, runbooks, and roadmaps across cloud infrastructure, corporate IT, and third-party connectivity; own network segmentation strategy across product and environment boundaries. • Serve as the primary escalation point for architectural decisions and cross-functional scope disputes — maintaining clear lines of authority as the function establishes itself within the broader engineering organization. • Partner with the Director of Risk Engineering to communicate program status, risk posture, and investment needs; contribute to security strategy reporting to senior leadership. • Own Lumin's network security architecture strategy and change management model across cloud, SD-WAN, and ZTNA layers — designing identity-aware, policy-driven controls that secure both human and machine (agent) identities, and setting the standard for fully automated, audit-ready change delivery. • Serve as the program-level authority for the team's network security tooling and automation initiatives — writing, reviewing, and iterating on engineering specifications that drive AI-assisted coding workflows; validating software outputs for correctness and security soundness, applying hands-on expertise that engineering tools alone cannot provide.
Enterprise Sales Executive, Managed Security Services
VikingCloudVikingCloud, founded in 1989, is a global cybersecurity and compliance company headquartered in Chicago, Illinois, with additional offices in Dublin, serving more than 4 million bu
• Identify, prospect, and develop new enterprise sales opportunities in cybersecurity, compliance, and managed security services. • Develop and execute a strategic sales plan to meet or exceed revenue targets. • Lead the specialists sales team in coordinated account strategies. • Build and maintain strong relationships with key decision-makers and stakeholders at enterprise level companies. • Conduct in-depth needs assessments to recommend appropriate VikingCloud solutions tailored to customer requirements. • Manage the full sales cycle from lead generation to contract negotiation and closing. • Collaborate with internal teams, including marketing, technical pre-sales, and customer success, to ensure customer satisfaction and retention. • Stay updated on industry trends, competitive landscape, and emerging security threats to provide consultative sales expertise. • Maintain accurate sales forecasts and CRM records.
