Identity and Data Security Architect
Aqueduct Technologies, Inc. · Canton, MA · 2 mo ago
HybridInformation TechnologyFull-time
Core Responsibilities
- Data Visibility & Posture Management
- Lead DSPM-led data discovery and posture management deployments across cloud, SaaS, and data platforms
- Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk
- Own the data access control plane and operate alongside secure access and network security architectures
- Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
- Define access models for human users, service accounts, and application and API workloads
- Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity
- IAM / IGA Platform Architecture & Configuration
- Architect, configure, and validate identity and data security platforms
- Enforcement & Data Controls
- Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser-based control updates, and API access restrictions
- Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
- Implement browser- and endpoint-based data controls using secure access technologies as appropriate
- Architect API and non-human identity security models using identity-based authentication and authorization
- Reduce risk from token misuse, over-privileged APIs, long-lived secrets, and lateral data movement
- Data Platform Security
- Secure data lakes, warehouses, and lakehouses using identity-aware access, classification, and policy enforcement
- AI / ML & LLM Workload Security
- Design controls governing access to data used in analytics, AI/ML, and LLM-enabled workloads
- Address AI-specific risks including data leakage, unauthorized access, and model abuse
- Delivery Leadership & Solution Quality
- Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
- Ensure solutions are functional, testable, and enforceable
- Resilience, Incident Readiness & Recovery
- Design identity and data access controls that function during incidents, recovery events, and degraded operating states
- Align architectures with incident response, cyber recovery, and BC/DR plans
Required Skills & Qualifications
- 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
- Demonstrated ability to own outcomes end-to-end, from strategy through hands-on implementation
- Strong experience with IAM and IGA platforms such as Entra ID, and Okta including access governance and enforcement
- Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
- Solid understanding of identity-based API authentication and authorization
- Solid understanding of modern cloud, data platforms, and identity-aware application architectures
- Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
- Strong customer-facing communication skills, comfortable with engineers and executive stakeholders