We help organizations make smarter cybersecurity decisions that minimize risk.
Senior Technical Data Security Architect
Location
California
Posted
51 days ago
Salary
0
Seniority
Senior
Job Description
Senior Technical Data Security Architect
GuidePoint Security
• Design and maintain end-to-end data security architecture across Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform. • Define and enforce enterprise data classification, labeling, and handling standards aligned with Microsoft Purview Information Protection. • Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers. • Lead threat modeling sessions for data pipelines and analytics workloads, identifying and mitigating risks proactively. • Establish a Zero Trust data security model across all data platforms and integration points. • Architect and govern data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security. • Design role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL. • Implement and operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data estates. • Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure. • Oversee encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest / data-in-transit encryption standards. • Partner with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication. • Lead the implementation and tuning of Microsoft Defender for Cloud data security posture management (DSPM) capabilities. • Architect and implement Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, including metastore design, catalog/schema/table-level permissions, and row/column-level security. • Design Databricks workspace security including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists. • Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID. • Implement dynamic data masking and column-level security policies within Unity Catalog to protect PII, PHI, and sensitive financial data. • Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies via Databricks system tables. • Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes. • Conduct security reviews of MLflow models and Feature Store configurations to address data leakage risks in ML pipelines. • Ensure data platform compliance with relevant regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS where applicable. • Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms. • Conduct regular security risk assessments, gap analyses, and maturity evaluations of the data security program. • Develop and maintain security runbooks, policies, and standards documentation for data platform operations. • Coordinate with legal, compliance, and privacy teams to respond to data subject access requests (DSARs) and regulatory inquiries. • Serve as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle. • Lead security architecture review boards for new data initiatives, third-party data integrations, and major platform changes. • Develop and lead a structured mentoring program for junior and mid-level engineers and architects, providing one-on-one coaching, career guidance, and skills development roadmaps tailored to each individual’s growth goals. • Conduct regular knowledge-sharing sessions, lunch-and-learns, and internal workshops to upskill teams on evolving data security threats, tooling, and compliance requirements across the Microsoft and Databricks ecosystems. • Partner with engineering managers and HR to define data security competency frameworks, leveling guides, and certification pathways that support talent development and retention across the data platform organization. • Establish and maintain a community of practice around data security, fostering peer learning, documentation culture, and cross-team collaboration on shared security challenges and architectural patterns. • Collaborate with SecOps and SOC teams to build data-specific detection rules, incident response playbooks, and forensic investigation capabilities. • Present security posture, risk findings, and remediation roadmaps to executive leadership and board-level stakeholders.
Job Requirements
- 5+ years of experience in data engineering, data architecture, or information security, with at least 5 years focused on data security architecture.
- Deep hands-on expertise with Microsoft Azure data services: Azure Data Lake Storage Gen2, Azure Synapse Analytics, Azure Data Factory, Azure SQL Database, and Microsoft Fabric.
- Demonstrated expertise in designing and implementing Databricks Unity Catalog, including workspace federation, metastore design, and fine-grained access control.
- Strong proficiency with Microsoft Purview, including data map configuration, classification rules, sensitivity labels, and policy enforcement.
- Expert-level knowledge of Azure identity and access management: Entra ID, Managed Identities, Conditional Access, PIM, and service principal governance.
- Hands-on experience with Azure Key Vault, customer-managed encryption keys, and secrets management integration with data platforms.
- Solid understanding of data governance frameworks and data security principles including Zero Trust, least privilege, and data minimization.
- Experience with regulatory compliance programs (GDPR, CCPA, HIPAA, SOC 2, PCI-DSS) as applied to data platforms.
- Proficiency in SQL and at least one programming/scripting language (Python, PySpark, PowerShell, or Terraform) used for security automation.
- Strong written and verbal communication skills with the ability to articulate complex security concepts to technical and non-technical audiences.
- Demonstrated experience securing data workloads across multi-cloud environments (Azure, AWS, and/or GCP), including cross-cloud data governance, identity federation, and consistent enforcement of security policies across heterogeneous cloud estates.
- Hands-on experience with Snowflake data security, including Snowflake RBAC/DAC models, column-level and row-level security policies, dynamic data masking, network policies, Private Link configuration, and Snowflake Data Sharing governance controls.
- Proven ability to support presales activities, including leading technical discovery sessions, contributing to RFP/RFI responses, delivering solution demonstrations, and authoring security architecture sections of client-facing proposals and statements of work.
Benefits
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Lead and develop the Security Architecture & Assurance team, setting direction, priorities, and operating standards • Ensure high-quality delivery across architecture reviews, assurance activities, and risk assessments • Build capability across cloud security, application security, and assurance methodologies • Act as the escalation point for complex or high-risk security decisions • Define and enforce secure architecture standards, reference patterns, and mandatory security controls • Review and approve security-relevant designs and major technical changes • Embed security throughout delivery lifecycles rather than as a late-stage control gate • Develop and maintain security standards, architecture principles, and governance frameworks • Drive consistent, risk-aware decision-making and remediation tracking • Identify and assess security risks early within design and delivery processes • Provide pragmatic mitigation strategies balancing security, resilience, cost, and delivery priorities
Head of Security
Label Your Data – Data Annotation & LabelingData annotation & labeling for Computer Vision, NLP & LLMs. Bringing high quality performance for ML teams & datasets.
• Build and develop the company’s security function from the ground up; • Define and implement security processes, policies, and operational standards; • Partner with the group-level security department while establishing independent security ownership within Label Your Data; • Participate in security audits, client security reviews, DPA processes, questionnaires, and compliance-related activities; • Establish and improve access management and security monitoring practices; • Participate in infrastructure and application security initiatives together with technical teams; • Oversee and improve the company’s security stack (EDR, SIEM, VPN/ZTNA, DLP, NGFW, etc.); • Investigate security gaps, operational weaknesses, and incident-related risks; • Validate technical solutions from a security perspective; • Create SOPs, internal security procedures, and operational frameworks; • Own security-related documentation and internal processes; • Shape the future security team, starting with Security Operations / Application Security; • Contribute to long-term security strategy and overall security maturity growth of the company.
Manager, Network Security
Lumin DigitalLumin Digital is a FinTech company whose innovative digital solutions help financial institutions engage their customers and grow. The company has hired in the
• Build, lead, and mentor a team of senior Network Security Software Engineers — owning the hiring process, setting role expectations, and onboarding engineers into a newly established function. • Define and continuously mature the network security program — establishing policies, standards, runbooks, and roadmaps across cloud infrastructure, corporate IT, and third-party connectivity; own network segmentation strategy across product and environment boundaries. • Serve as the primary escalation point for architectural decisions and cross-functional scope disputes — maintaining clear lines of authority as the function establishes itself within the broader engineering organization. • Partner with the Director of Risk Engineering to communicate program status, risk posture, and investment needs; contribute to security strategy reporting to senior leadership. • Own Lumin's network security architecture strategy and change management model across cloud, SD-WAN, and ZTNA layers — designing identity-aware, policy-driven controls that secure both human and machine (agent) identities, and setting the standard for fully automated, audit-ready change delivery. • Serve as the program-level authority for the team's network security tooling and automation initiatives — writing, reviewing, and iterating on engineering specifications that drive AI-assisted coding workflows; validating software outputs for correctness and security soundness, applying hands-on expertise that engineering tools alone cannot provide.
Enterprise Sales Executive, Managed Security Services
VikingCloudThe leading Predict-to-Prevent cybersecurity and compliance company.
• Identify, prospect, and develop new enterprise sales opportunities in cybersecurity, compliance, and managed security services. • Develop and execute a strategic sales plan to meet or exceed revenue targets. • Lead the specialists sales team in coordinated account strategies. • Build and maintain strong relationships with key decision-makers and stakeholders at enterprise level companies. • Conduct in-depth needs assessments to recommend appropriate VikingCloud solutions tailored to customer requirements. • Manage the full sales cycle from lead generation to contract negotiation and closing. • Collaborate with internal teams, including marketing, technical pre-sales, and customer success, to ensure customer satisfaction and retention. • Stay updated on industry trends, competitive landscape, and emerging security threats to provide consultative sales expertise. • Maintain accurate sales forecasts and CRM records.




