and Data Security Architect in Canton

Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.

We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.

Job DescriptionJob DescriptionAqueduct Technologies is seeking an and Data Security Architect to serve as a senior, customer-facing technical architect responsible for designing, enforcing, and operationalizing - and data-centric security controls that govern access to sensitive data across hybrid and cloud environments. This is an architect-level, player/coach role with a strong hands-on bias. Operating above the infrastructure and network layers, you will focus on how human and non-human identities interact with data, applications, APIs, and AI systems. You will translate business risk, regulatory requirements, and governance policy into enforceable technical controls which you design, deploy, and optimize. In short, you will make who can access what enforceable everywhere.Core Responsibilities:

• Data Visibility & Posture Management
• Lead DSPM-led data discovery and posture management deployments across cloud, SaaS, and data platforms
• Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
• Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk

& Access Architecture

• Own the data access control plane and operate alongside secure access and network security architectures
• Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
• Define access models for human users, service accounts, and application and API workloads
• Implement conditional access, lifecycle governance, and controls tied directly to data sensitivity

IAM / IGA Platform Architecture & Configuration

• Architect and configure IAM and IGA platforms such as Microsoft Entra ID and Okta
• Personally architect, configure, and validate and data security platforms

Enforcement & Data Controls

• Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser-based control updates, and API access restrictions
• Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and context
• Implement browser- and endpoint-based data controls using secure access technologies as appropriate
• Architect API and non-human security models using -based authentication and authorization
• Reduce risk from token misuse, over-privileged APIs, long-lived secrets, and lateral data movement

Data Platform Security

• Secure data lakes, warehouses, and lakehouses using -aware access, classification, and policy enforcement

AI / ML & LLM Workload Security

• Design controls governing access to data used in analytics, AI/ML, and LLM-enabled workloads
• Address AI-specific risks including data leakage, unauthorized access, and model abuse

Delivery Leadership & Solution Quality

• Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
• Ensure solutions are functional, testable, and enforceable

Resilience, Incident Readiness & Recovery

• Design and data access controls that function during incidents, recovery events, and degraded operating states
• Align architectures with incident response, cyber recovery, and BC/DR plans

Internal Standards & Presales Support

• Develop internal reference architectures, patterns, and delivery standards for and data access security
• Support presales and solution shaping by articulating clear, outcome-based security approaches

Required Skills & Qualifications:

• 6+ years of progressive experience in , data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
• Demonstrated ability to own outcomes end-to-end, from strategy through hands-on implementation
• Hands-on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
• Strong experience with IAM and IGA platforms such as Entra ID, and Okta including access governance and enforcement
• Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
• Solid understanding of -based API authentication and authorization
• Understanding of modern cloud, data platforms, and -aware application architectures
• Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to and data access
• Strong customer-facing communication skills, comfortable with engineers and executive stakeholders
• Note: Experience focused primarily on network security or secure service edge platforms without meaningful exposure to data discovery and access governance is unlikely to be sufficient for this role.

Certifications:

• CISSP or CCSP
• Microsoft SC-100 (Cybersecurity Architect Expert)
• Okta Consultant or Administrator certification, or equivalent IAM certification

Aqueduct Technologies is committed to developing a diverse and talented team. We celebrate and support and are committed to making an inclusive environment for all employees and applicants including women, minorities, individuals with disabilities, members of the LGBTQIA community, veterans, and any other legally protected group. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant on the basis of any status protected by federal, state, or local laws. Aqueduct Technologies is one of the largest IT solutions providers in the US, recognized for our relentless pursuit of customer satisfaction, our corporate culture, technology leadership, and our commitment to the local community. We pride ourselves on our world-class engineering, the investments we make in our employees and our systems, and on our loyal base of customers and manufacturers. Recognized as one of the fastest-growing, private companies in Massachusetts—and awarded the Best Place to Work in Boston for six, consecutive years—there is no better time to join Aqueduct than now!

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.