Security Platform Engineer

Stellent IT LLC
Minneapolis, United States of America
23 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Minneapolis, United States of America

Tech stack

Unity
Private Networks
Audit Trail
Azure
Cloud Computing
Information Engineering
Data Infrastructure
Identity and Access Management
Key Management
Network Security
Role-Based Access Control
Enterprise Data Management
Data Logging
Cloud Platform System
Cyberark
Azure
Peripherals
Data Management
Data Objects
SailPoint
Key Vault
Databricks

Job description

The Security/Platform Engineer will serve as a fractional security and platform hardening resource for the client's Azure, Databricks, Fivetran, and Unity Catalog environments. This role focuses on defining, implementing, and validating security patterns to support enterprise-scale data platform adoption, including access management, identity integration, secrets management, auditability, network security, and operational controls.

This role is not responsible for general data engineering delivery. It is responsible for ensuring the platform is secure, governed, supportable, and aligned with enterprise security expectations.

The Security / Platform Engineer will establish secure access and platform-control patterns across Azure, Databricks, Unity Catalog, Fivetran, and related services. This includes designing role-based access controls, group-based permissioning, least-privilege models, Unity Catalog permissions across data objects and storage credentials, and integration patterns for SailPoint, CyberArk, Entra ID, service principals, managed identities, secrets, and credential rotation.

The role will partner with client security, identity, infrastructure, governance, architecture, and engineering teams to embed security controls into the platform delivery model without creating unnecessary friction for source onboarding. Responsibilities include identifying security gaps, hardening opportunities, secure networking patterns, audit and monitoring procedures, access review processes, support procedures, and documentation needed for platform controls and audit evidence.

The Security / Platform Engineer will also advise on platform readiness for international expansion, future source onboarding, and broader enterprise adoption.

KEYS AMPLIFIED WOULD TARGET IN CANDIDATES:

  • 5+ Years
  • Roles focusing on Cloud/Data Platforms, Security Engineering, and/or Infrastructure
  • Azure Security (Managed Identities, Svc Peripherals, RBAC, Private Networks, and logging)
  • Data Platform Security (Databricks, Unity Catalog, Azure Data Factory, Fivetran)
  • Group-based access/provisioning models across environments
  • Tools exposure: Unity Catalog, SailPoint, CyberArk, IAM/PAM platforms,

Nice to have: Secrets Management, Credential Rotation, Service Account Governance, Privileged Access Controls, Establish security patterns, Audit/Compliance support

Requirements

  • 5+ years of cloud platform, security engineering, infrastructure, or data platform experience.
  • Hands-on experience with Azure security patterns, including Entra ID, Key Vault, managed identities, service principals, RBAC, private networking, and logging.
  • Experience securing enterprise data platforms, ideally including Databricks, Unity Catalog, Azure Data Factory, Fivetran, or similar tools.
  • Experience designing group-based access models and permissioning structures across environments.
  • Experience with secrets management, credential rotation, service account governance, and privileged access controls.
  • Experience working with enterprise security teams, infrastructure teams, IAM teams, and audit/compliance stakeholders.
  • Ability to document security patterns and translate enterprise security requirements into practical implementation steps.

NICE TO HAVE SKILLS:

  • Experience with Unity Catalog security, including metastores, catalogs, schemas, external locations, storage credentials, grants, lineage, and audit logs.
  • Experience with SailPoint, CyberArk, or comparable IAM / PAM platforms.
  • Experience supporting audit requirements, access reviews, evidence collection, and platform control validation.
  • Experience with Databricks networking and workspace security configuration.
  • Experience with Fivetran security, destination configuration, connector permissions, service accounts, and credential management.
  • Experience operating in regulated or security-sensitive environments such as financial services, insurance, healthcare, or public companies.

Apply for this position