Data Security Architect
Westbrook, ME - USA
Job Summary
The Data Security Architect is responsible for defining the enterprise architecture control patterns and design standards for protecting sensitive data across IDEXXs platforms including Snowflake Databricks M365 Box and cloud applications (AWS-first).
This role ensures that data security capabilitiessuch as DSPM DLP and data platform controlsare designed correctly integrated across systems and scalable enabling consistent protection of sensitive data across the enterprise.
This is a design and architecture leadership role focused on the how of data protection not day-to-day program execution or tool operations.
In this role you will be responsible for
- Data Security Architecture & Design
- Define the enterprise data security architecture including:
- Data discovery and classification (DSPM integration)
- DLP/CASB control strategy (M365 Box endpoint)
- Data platform security controls (Snowflake Databricks)
- Application/API data protection patterns (cloud-first)
- Establish standard control patterns including:
- Data classification and tagging models
- Encryption tokenization and masking strategies
- Data access control models (RBAC ABAC RLS)
- Data movement and sharing controls
- Ensure consistency and scalability of data protection across SaaS cloud and application environments
Platform Integration & Control Alignment
- Design and drive integration across:
- Snowflake and Alation (data catalog and ownership mapping)
- Entra ID (identity-driven access controls and policy enforcement)
- M365 and Box (data loss prevention and collaboration controls)
- Cloud environments (AWS Azure GCP)
- Ensure alignment between:
- DSPM findings
- DLP policies
- Data platform controls
- Translate data risk insights into technical control implementation requirements
Reference Architecture & Engineering Enablement
- Develop and maintain a Data Security Reference Architecture
- Define secure design patterns and implementation guidance for:
- Data engineering teams
- Application development teams
- Cloud platform teams
- Enable engineering teams to embed data protection into systems and workflows rather than relying solely on downstream tooling
Collaboration with Program & Engineering Teams
- Partner with:
- Data Security Program Lead (execution and governance)
- Data Security Engineering Lead (implementation delivery)
- Cyber Defense / SOC teams (operational integration)
- Provide architectural direction and design input while ensuring:
- Execution teams can implement effectively
- Controls remain aligned to risk priorities
Standards Governance & Continuous Improvement
- Define and evolve data protection standards aligned to:
- Data Management Policy (classification handling retention)
- Regulatory requirements (HIPAA GDPR etc.)
- Evaluate emerging capabilities and tools:
- DSPM platforms
- DLP/CASB solutions
- Data platform-native controls
- Continuously improve architecture based on:
- New data risks
- Platform evolution (Snowflake AWS etc.)
- Feedback from operations and engineering
What you will need to succeed...
- 7-10 years experience in: Data security cloud security or security architecture
- Location: We are looking for someone driving distance to our HQ in Westbrook Maine for a flexible hybrid requirement of 8 days per month. Alternatively we are open to those in NH or MA that can travel in less frequently.
- Strong experience designing security for:
- Cloud-native data platforms (Snowflake Databricks)
- SaaS and collaboration environments (M365 Box)
- Enterprise identity systems (Entra ID)
- Proven ability (via outcomes) to design and scale:
- Data classification and tagging models
- Data protection controls (DLP masking encryption)
- Access control models (RBAC ABAC)
- Experience working across:
- Data engineering
- Application engineering
- Cloud platform teams
Technical Expertise
- Deep understanding of:
- Data protection architecture and lifecycle management
- Data platforms (Snowflake strongly preferred)
- Cloud environments (AWS preferred; Azure/GCP familiarity)
- Working familiarity with:
- DSPM tools (e.g. Cyera BigID etc.)
- CASB/DLP platforms (M365 endpoint etc.)
- Data catalog and governance tools (e.g. Alation)
- Knowledge of:
- Encryption tokenization and data masking techniques
- Data access governance models and patterns
- Understanding of regulatory frameworks relevant to IDEXX (GDPR SOC2 PCI DSS)
Leadership & Professional Skills
- Strong architectural thinking and system design capability
- Predilection towards action to achieve outcomes and refine design
- Ability to translate business data risk into technical architecture
- Excellent collaboration skills across engineering and security domains
- Ability to communicate via architectural diagrams whitepapers presentations
- Strong communication skills to:
- Influence technical and non-technical stakeholders
- Align teams on architecture and standards
It would be a plus if you had any of these...
- Experience implementing enterprise data security or DSPM programs
- Background working with data engineering or analytics teams
- Experience designing controls in Snowflake or similar platforms
- Certifications (AWS Certified Solutions Architect CISSP CCSP etc.)
What you can expect from us:
Base annual salary target: $120000 - $150000 (yes we do have flexibility if needed)
Opportunity for annual cash bonus
Health / Dental / Vision Benefits Day-One
5% matching 401k
Additional benefits including but not limited to financial support pet insurance mental health resources volunteer paid days off employee stock program foundation donation matching and much more!
Why IDEXX
Were proud of the work we do because our work matters. An innovation leader in every industry we serve we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy to ensure safe drinking water for billions and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10000 talented people.
So what does that mean for you We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX you will be supported by competitive compensation incentives and benefits while enjoying purposeful work that drives improvement.
Lets pursue what matters together.
IDEXX values a diverse workforce and workplace and strongly encourages women people of color LGBTQ individuals people with disabilities members of ethnic minorities foreign-born residents and veterans to apply.
IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race color creed sex sexual orientation gender identity or expression age religion national origin citizenship status disability ancestry marital status veteran status medical condition or any protected category prohibited by local state or federal laws.
#LI-EV1
Required Experience:
Staff IC