Senior Cloud Data Security Architect

Title: Sr. Cloud Data Security Architect

Location: Bellevue WA/Onsite

Duration: Long Term

We are seeking an experienced and strategic Senior Data Platform Security Architect to lead the design implementation and governance of security across our data platform this role you will serve as the authoritative voice on data security architecture working cross-functionally with engineering data compliance product and cybersecurity teams to ensure that our data infrastructure is secure resilient and compliant with applicable regulations.

Responsibilities

• Architect and own end-to-end security frameworks for data platforms including data lakes data warehouses streaming pipelines and analytics environments (e.g. Snowflake Databricks Microsoft Fabric Kafka Spark).
• Define and enforce data security standards covering access control encryption at rest and in transit data masking tokenization and secrets management.
• Lead threat modelling and risk assessments for data platform components identifying vulnerabilities and driving remediation efforts.
• Design and implement identity and access management (IAM) strategies including role-based access control (RBAC) attribute-based access control (ABAC) and least-privilege principles across data systems.
• Establish and mature data classification policies and ensure appropriate security controls are applied at each classification tier.
• Partner with data engineering and platform teams to embed security into the data lifecycle - from ingestion and transformation through storage consumption and archival.
• Drive security requirements for cloud-native data services (AWS Azure GCP) and ensure consistent security posture across multi-cloud or hybrid environments.
• Own the design of data audit logging lineage tracking and monitoring solutions to support incident detection forensics and compliance reporting.
• Collaborate with legal compliance and privacy teams to ensure adherence to regulations such as GDPR CCPA SOC 2 SOX USGCB FCC Decree and other applicable frameworks.
• Serve as a technical mentor and subject matter expert guiding junior and mid-level engineers on secure data platform design patterns.
• Evaluate and recommend security tooling and vendors (e.g. DSPM DLP solutions).
• Communicate security architecture decisions risk posture and strategic roadmaps to executive stakeholders and technical teams.

Required Qualifications

• 8 years of experience in information security with at least 4 years focused on data platform or cloud data security architecture.
• Deep expertise in securing modern data platforms - including cloud data warehouses data lakes Lakehouse architectures and real-time streaming systems.
• Strong working knowledge of IAM frameworks zero-trust principles and access control models across cloud providers (AWS IAM Azure AD/Entra ID GCP IAM).
• Hands-on experience with encryption technologies key management systems (KMS/HSM) and data masking/tokenization techniques.
• Familiarity with security standards and regulatory frameworks (GDPR CCPA PCI-DSS SOC 2 SOX NIST CSF USGCB FCC Decree).
• Proficiency in at least one scripting or programming language (Python SQL Bash or similar) for automation and tooling.
• Experience with security tooling such as SIEM platforms DSPM tools DLP solutions and vulnerability scanners.
• Excellent written and verbal communication skills with the ability to translate complex technical risks into business-understandable language.

Preferred Qualifications

• Relevant security certifications such as CISSP CCSP AWS Security Specialty or Google Professional Cloud Security Engineer.
• Experience with infrastructure-as-code (Terraform Pulumi) and DevSecOps practices.
• Background in data governance tools (e.g. Collibra Alation Apache Atlas) and their integration with security controls.
• Experience in a regulated industry such as financial services or telecommunications.
• Familiarity with privacy-enhancing technologies (PETs) such as differential privacy or federated learning.