Identity and Data Security Architect
Listed on 2026-04-23
IT/Tech
Cybersecurity, Data Security
Aqueduct Technologies is seeking an Identity and Data Security Architect to serve as a senior, customer-facing technical architect responsible for designing, enforcing, and operationalizing identity- and data-centric security controls that govern access to sensitive data across hybrid and cloud environments. This is an architect-level, player/coach role with a strong hands-on bias.
Operating above the infrastructure and network layers, you will focus on how human and non-human identities interact with data, applications, APIs, and AI systems. You will translate business risk, regulatory requirements, and governance policy into enforceable technical controls which you design, deploy, and optimize. In short, you will make who can access what enforceable everywhere.
Core Responsibilities
- Data Visibility & Posture Management
- Lead DSPM‑led data discovery and posture management deployments across cloud, SaaS, and data platforms
- Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
- Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk
- Own the data access control plane and operate alongside secure access and network security architectures
- Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
- Define access models for human users, service accounts, and application and API workloads
- Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity
- Architect and configure IAM and IGA platforms such as Microsoft Entra and Okta
- Personally architect, configure, and validate identity and data security platforms
- Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser‑based control updates, and API access restrictions
- Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
- Implement browser‑ and endpoint‑based data controls using secure access technologies as appropriate
- Architect API and non‑human identity security models using identity‑based authentication and authorization
- Reduce risk from token misuse, over‑privileged APIs, long‑lived secrets, and lateral data movement
- Secure data lakes, warehouses, and lake houses using identity‑aware access, classification, and policy enforcement
- Design controls governing access to data used in analytics, AI/ML, and LLM‑enabled workloads
- Address AI‑specific risks including data leakage, unauthorized access, and model abuse
- Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
- Ensure solutions are functional, testable, and enforceable
- Design identity and data access controls that function during incidents, recovery events, and degraded operating states
- Align architectures with incident response, cyber recovery, and BC/DR plans
- Develop internal reference architectures, patterns, and delivery standards for identity and data access security
- Support presales and solution shaping by articulating clear, outcome‑based security approaches
Skills & Qualifications
- 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
- Demonstrated ability to own outcomes end‑to‑end, from strategy through hands‑on implementation
- Hands‑on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
- Strong experience with IAM and IGA platforms such as Entra and Okta, including access governance and enforcement
- Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
- Solid understanding of…