Databricks IT is looking for a Lead Security Architect to design and implement a secure and scalable architecture to protect corporate assets, focusing on key IT security areas like Identity and Access Management, Zero Trust architecture, and endpoint security, while also securing critical business applications and sensitive data.
Requirements
- Must have direct experience designing and securing enterprise platforms in complex multi-cloud environments, deep knowledge of enterprise architecture and security features (control plane/data plane separation, network infra, workspace hardening, network segmentation/ isolation), and hands-on experience automating security controls with Terraform and scripting.
- Proven expertise securing data analytics pipelines, SaaS integrations, and workload isolation in enterprise ecosystems.
- Experience with Enterprise Security Analysis Tools and monitoring/security policy optimization.
- Deep experience in threat modeling, design, PoC, and implementing large-scale enterprise solutions.
- Extensive hands-on experience in AWS cloud security, network security, with knowledge of Zero Trust, Data Protection, and Appsec.
- Strong understanding of enterprise IAM systems (Okta, SailPoint, VDI, Entra ID) and Data Protection.
- Expert experience with SIEM platforms, XDR, and cloud-native threat detection tools.
Responsibilities
- Design and implement secure, scalable reference architectures for the Databricks IT across Cloud Infra (Compute, DBs, Network, Storage), SaaS, Custom Built Applications, Data & AI systems.
- Establish and enforce security controls for: Databricks Workspace Management: Workspace isolation, Unity Catalog for data governance.
- Establish and enforce security controls for: Secure Networking: VPC configs, PrivateLink, IP Allow Lists.
- Establish and enforce security controls for: Identity and Access Management (IAM): SSO, SCIM user provisioning, RBAC via Un, Strong MFA best practices for enterprise identities and customers
- Establish and enforce security controls for: Data Encryption: At rest and in transit, customer-managed keys for critical assets.
- Establish and enforce security controls for: Data Exfiltration Prevention: Admin console settings, VPC endpoint controls.
- Establish and enforce security controls for: Cluster Security: User isolation, compliance with enhanced security monitoring/Compliance Security Profiles (HIPAA, PCI-DSS, FedRAMP).
Other
- Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
- Master’s degree in Computer Science specifically in Information Security or a related discipline is strongly preferred
- Minimum 12 years in cybersecurity, with 5+ in security architecture or senior technical roles.
- Experience in FedRAMP High systems/ GovCloud preferred.
- Ability to influence stakeholders and drive alignment.
