Sr. Security Engineer (Data Security)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• 5+ years of experience in security engineering, with strong emphasis on data security in cloud environments.
• Deep hands-on experience with Azure, including PaaS and data services (ADLS Gen2, Azure SQL, Synapse, Storage Accounts).
• Practical experience with Microsoft Purview for data governance, classification, lineage, and entitlement insights.
• Hands-on experience securing Databricks environments, including workspace security, cluster policies, secrets management, and data access controls.
• Strong proficiency with Terraform and infrastructure-as-code, including secure patterns and policy enforcement.
• Experience with identity and access management (Entra ID, managed identities), networking (private endpoints, firewalls), and encryption.
• Proficiency in scripting or automation using Python, PowerShell, or similar languages.
• Strong understanding of data protection principles, privacy-by-design, and common regulatory frameworks.

Nice To Haves

• Experience securing analytics and big-data platforms in regulated or highly sensitive environments.
• Familiarity with data loss prevention (DLP), tokenization, masking, or privacy-enhancing technologies.
• Experience integrating data security tooling with SIEM/SOC workflows.
• Relevant certifications such as Azure Security Engineer Associate, Azure Data Engineer, SC-400, or equivalent.

Responsibilities

• Lead the design, implementation, and ongoing improvement of data security controls across Azure data services and Databricks environments, including data classification, access control, encryption, and monitoring.
• Implement and operationalize Microsoft Purview capabilities such as data discovery, classification, sensitivity labeling, lineage, cataloging, and access insights across structured and unstructured data sources.
• Define and enforce least-privilege access models for data platforms using Azure RBAC, Entra ID, managed identities, service principals, and Databricks workspace permissions.
• Partner with privacy, compliance, and legal stakeholders to translate regulatory and contractual requirements into actionable technical controls and standards.
• Perform in-depth security reviews of Azure data architectures, including storage accounts, Azure SQL, Synapse, ADLS Gen2, Event Hubs, and Databricks deployments.
• Assess and remediate data-related risks in infrastructure-as-code (Terraform), platform configurations, and CI/CD pipelines.
• Contribute secure-by-design patterns and reusable templates for data platforms, incorporating encryption, private networking, logging, and policy-as-code.
• Design and maintain data security monitoring and alerting, integrating Purview, Azure Monitor, and Defender for Cloud workflows.
• Support investigation and response for data security incidents, including exposure analysis, root cause identification, and long-term remediation.
• Own documentation, standards, and security guidelines for data platforms; ensure alignment with Aya security standards and audit expectations.
• Lead medium- to large-scope data security initiatives end-to-end, including requirements, design, implementation, stakeholder alignment, and measurable outcomes.
• Mentor Security Engineers and partner engineers on data security best practices; act as a subject-matter expert for data protection topics.
• Translate complex technical risks into clear business impact for engineering leaders and stakeholders.

Benefits

• Free premium medical, dental, life and vision insurance
• Generous 401(k) match
• Reimbursements and discretionary bonuses
• Paid sick leave in accordance with all applicable state, federal, and local laws
• Unlimited DTO
• Virtual yoga, meditation or boot camp classes offered daily