Jobs · Information Technology · Massachusetts

Identity and Data Security Architect

Aqueduct Technologies, Inc. · Canton, MA · 2 mo ago
HybridInformation TechnologyFull-time

Core Responsibilities

  • Data Visibility & Posture Management
  • Lead DSPM-led data discovery and posture management deployments across cloud, SaaS, and data platforms
  • Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk
  • Own the data access control plane and operate alongside secure access and network security architectures
  • Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
  • Define access models for human users, service accounts, and application and API workloads
  • Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity
  • IAM / IGA Platform Architecture & Configuration
  • Architect, configure, and validate identity and data security platforms
  • Enforcement & Data Controls
  • Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser-based control updates, and API access restrictions
  • Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
  • Implement browser- and endpoint-based data controls using secure access technologies as appropriate
  • Architect API and non-human identity security models using identity-based authentication and authorization
  • Reduce risk from token misuse, over-privileged APIs, long-lived secrets, and lateral data movement
  • Data Platform Security
  • Secure data lakes, warehouses, and lakehouses using identity-aware access, classification, and policy enforcement
  • AI / ML & LLM Workload Security
  • Design controls governing access to data used in analytics, AI/ML, and LLM-enabled workloads
  • Address AI-specific risks including data leakage, unauthorized access, and model abuse
  • Delivery Leadership & Solution Quality
  • Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
  • Ensure solutions are functional, testable, and enforceable
  • Resilience, Incident Readiness & Recovery
  • Design identity and data access controls that function during incidents, recovery events, and degraded operating states
  • Align architectures with incident response, cyber recovery, and BC/DR plans

Required Skills & Qualifications

  • 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
  • Demonstrated ability to own outcomes end-to-end, from strategy through hands-on implementation
  • Strong experience with IAM and IGA platforms such as Entra ID, and Okta including access governance and enforcement
  • Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
  • Solid understanding of identity-based API authentication and authorization
  • Solid understanding of modern cloud, data platforms, and identity-aware application architectures
  • Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
  • Strong customer-facing communication skills, comfortable with engineers and executive stakeholders

Similar jobs