Identity and Data Security Architect

Aqueduct Technologies Inc.
Canton, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Canton, United States of America

Tech stack

API
Artificial Intelligence
Data analysis
Computing Platforms
Software as a Service
Cloud Computing
Cloud Engineering
Computer Security
Data Control
Data Discovery
Data Infrastructure
Information Leak Prevention
ETL
Data Security
Identity and Access Management
Information Security Management
Network Security
Azure
Okta
Large Language Models
Guidewire BillingCenter
Data Management

Job description

Aqueduct Technologies is seeking an Identity and Data Security Architect to serve as a senior, customer-facing technical architect responsible for designing, enforcing, and operationalizing identity- and data-centric security controls that govern access to sensitive data across hybrid and cloud environments. This is an architect-level, player/coach role with a strong hands-on bias.

Core Responsibilities

Data Visibility & Posture Management

  • Lead DSPM-led data discovery and posture management deployments across cloud, SaaS, and data platforms
  • Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
  • Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk

Identity & Access Architecture

  • Own the data access control plane and operate alongside secure access and network security architectures
  • Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
  • Define access models for human users, service accounts, and application and API workloads
  • Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity

IAM/IGA Platform Architecture & Configuration

  • Architect and configure IAM and IGA platforms such as Microsoft Entra ID and Okta
  • Personally architect, configure, and validate identity and data security platforms

Enforcement & Data Controls

  • Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser-based control updates, and API access restrictions
  • Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
  • Implement browser- and endpoint-based data controls using secure access technologies as appropriate
  • Architect API and non-human identity security models using identity-based authentication and authorization
  • Reduce risk from token misuse, over-privileged APIs, long-lived secrets, and lateral data movement

Data Platform Security

  • Secure data lakes, warehouses, and lakehouses using identity-aware access, classification, and policy enforcement

AI/ML & LLM Workload Security

  • Design controls governing access to data used in analytics, AI/ML, and LLM-enabled workloads
  • Address AI-specific risks including data leakage, unauthorized access, and model abuse

Delivery Leadership & Solution Quality

  • Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
  • Ensure solutions are functional, testable, and enforceable

Resilience, Incident Readiness & Recovery

  • Design identity and data access controls that function during incidents, recovery events, and degraded operating states
  • Align architectures with incident response, cyber recovery, and BC/DR plans

Internal Standards & Presales Support

  • Develop internal reference architectures, patterns, and delivery standards for identity and data access security
  • Support presales and solution shaping by articulating clear, outcome-based security approaches

Requirements

  • 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
  • Demonstrated ability to own outcomes end-to-end, from strategy through hands-on implementation
  • Hands-on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
  • Strong experience with IAM and IGA platforms such as Entra ID and Okta, including access governance and enforcement
  • Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
  • Solid understanding of identity-based API authentication and authorization
  • Understanding of modern cloud, data platforms, and identity-aware application architectures
  • Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
  • Strong customer-facing communication skills, comfortable with engineers and executive stakeholders
  • Note: Experience focused primarily on network security or secure service edge platforms without meaningful exposure to data discovery and access governance is unlikely to be sufficient for this role.

Preferred Certifications

  • CISSP or CCSP
  • Microsoft SC-100 (Cybersecurity Architect Expert)
  • Okta Consultant or Administrator certification, or equivalent IAM certification
