Responsibilities
- Create and sustain comprehensive data security frameworks across Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform.
- Set and enforce organization-wide policies for data classification, labeling, and handling in alignment with Microsoft Purview Information Protection.
- Build standardized security architectures for data ingestion, transformation, storage, and consumption layers.
- Lead threat modeling exercises for data pipelines and analytics systems to proactively detect and resolve security risks.
- Implement a Zero Trust security model for all data platforms and integration interfaces.
- Design and manage data security configurations in Microsoft Fabric, including workspace and item-level permissions, sensitivity labels, and OneLake protections.
- Develop role-based and attribute-based access control strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL.
- Deploy and manage Microsoft Purview for data catalog governance, lineage tracking, and automated classification of sensitive data across hybrid and multi-cloud environments.
- Configure Azure Private Endpoints, VNet integration, and network security groups to prevent public access to data services.
- Manage encryption standards, including integration with Azure Key Vault, customer-managed keys, and encryption for data at rest and in transit.
- Collaborate with identity teams to implement Entra ID Conditional Access, Privileged Identity Management, and managed identities for secure data service authentication.
- Lead deployment and optimization of Microsoft Defender for Cloud data security posture management features.
- Design and roll out Unity Catalog as a centralized governance layer across Databricks workspaces, including metastore structure and row/column-level security.
- Secure Databricks workspaces using network isolation, VNet injection, private links, cluster policies, and IP access controls.
- Define and enforce secure credential passthrough, service principal management, and OAuth integration with Azure Entra ID in Databricks.
- Apply dynamic data masking and column-level security policies in Unity Catalog to safeguard personally identifiable, protected health, and financial information.
- Establish secure Delta Lake patterns using table ACLs, granular access controls, and audit logging via Databricks system tables.
- Ensure secure configuration of Databricks workflows, notebooks, and job clusters, including secrets management through Azure Key Vault-backed scopes.
- Review MLflow models and Feature Store setups for potential data leakage in machine learning pipelines.
- Ensure data platform adherence to GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS compliance requirements.
- Design and maintain logging and audit trail systems for data access across Microsoft and Databricks platforms.
- Perform periodic security risk assessments, gap analyses, and maturity evaluations of the data security program.
- Create and update security runbooks, policies, and standards documentation for data platform operations.
- Collaborate with legal, compliance, and privacy teams to support data subject access requests and regulatory investigations.
- Act as the lead security consultant for data engineering, analytics engineering, and business intelligence teams throughout project lifecycles.
Work Arrangement
Remote (Worldwide) — Anywhere in the U.S.