Identity and Data Security Architect

Aqueduct Technologies is seeking an Identity and Data Security Architect to serve as a senior, customer‑facing technical architect responsible for designing, enforcing, and operationalizing identity‑ and data‑centric security controls that govern access to sensitive data across hybrid and cloud environments. This is an architect‑level, player/coach role with a strong hands‑on bias.

• Data Visibility & Posture Management
• Lead DSPM‑led data discovery and posture management deployments across cloud, SaaS, and data platforms
• Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
• Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk

• Own the data access control plane and operate alongside secure access and network security architectures
• Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
• Define access models for human users, service accounts, and application and API workloads
• Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity

• Architect and configure IAM and IGA platforms such as Microsoft Entra  Okta
• Personally architect, configure, and validate identity and data security platforms

• Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser‑based control updates, and API access restrictions
• Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
• Implement browser‑ and endpoint‑based data controls using secure access technologies as appropriate
• Architect API and non‑human identity security models using identity‑based authentication and authorization
• Reduce risk from token misuse, over‑privileged APIs, long‑lived secrets, and lateral data movement

• Secure data lakes, warehouses, and lake houses using identity‑aware access, classification, and policy enforcement

• Design controls governing access to data used in analytics, AI/ML, and LLM‑enabled workloads
• Address AI‑specific risks including data leakage, unauthorized access, and model abuse

• Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
• Ensure solutions are functional, testable, and enforceable

• Design identity and data access controls that function during incidents, recovery events, and degraded operating states
• Align architectures with incident response, cyber recovery, and BC/DR plans

• Develop internal reference architectures, patterns, and delivery standards for identity and data access security
• Support presales and solution shaping by articulating clear, outcome‑based security approaches

• 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
• Demonstrated ability to own outcomes end‑to‑end, from strategy through hands‑on implementation
• Hands‑on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
• Strong experience with IAM and IGA platforms such as Entra , and Okta including access governance and enforcement
• Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
• Solid understanding of identity‑based API authentication and authorization
• Understanding of modern cloud, data platforms, and identity‑aware application architectures
• Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
• Strong customer‑facing communication skills, comfortable with engineers and executive stakeholders
• Note:
  
  Experience…