Identity And Data Security Architect, Canton

Aqueduct Technologies is seeking an Identity and Data Security Architect to serve as a senior, customer-facing technical architect responsible for designing, enforcing, and operationalizing identity- and data-centric security controls that govern access to sensitive data across hybrid and cloud environments.
This is an architect-level, player/coach role with a strong hands-on bias.
Operating above the infrastructure and network layers, you will focus on how human and non-human identities interact with data, applications, APIs, and AI systems.
You will translate business risk, regulatory requirements, and governance policy into enforceable technical controls which you design, deploy, and optimize.
In short, you will make who can access what enforceable everywhere.
Core Responsibilities
Data Visibility & Posture Management
Lead DSPM?led data discovery and posture management deployments across cloud, SaaS, and data platforms
Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk
Identity & Access Architecture
Own the data access control plane and operate alongside secure access and network security architectures
Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
Define access models for human users, service accounts, and application and API workloads
Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity
IAM / IGA Platform Architecture & Configuration
Architect and configure IAM and IGA platforms such as Microsoft Entra ID and Okta
Personally architect, configure, and validate identity and data security platforms
Enforcement & Data Controls
Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser?based control updates, and API access restrictions
Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
Implement browser? and endpoint?based data controls using secure access technologies as appropriate
Architect API and non?human identity security models using identity?based authentication and authorization
Reduce risk from token misuse, over?privileged APIs, long?lived secrets, and lateral data movement
Data Platform Security
Secure data lakes, warehouses, and lakehouses using identity?aware access, classification, and policy enforcement
AI / ML & LLM Workload Security
Design controls governing access to data used in analytics, AI/ML, and LLM?enabled workloads
Address AI?specific risks including data leakage, unauthorized access, and model abuse
Delivery Leadership & Solution Quality
Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
Ensure solutions are functional, testable, and enforceable
Resilience, Incident Readiness & Recovery
Design identity and data access controls that function during incidents, recovery events, and degraded operating states
Align architectures with incident response, cyber recovery, and BC/DR plans
Internal Standards & Presales Support
Develop internal reference architectures, patterns, and delivery standards for identity and data access security
Support presales and solution shaping by articulating clear, outcome?based security approaches
Required Skills & Qualifications
6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
Demonstrated ability to own outcomes end?to?end, from strategy through hands?on implementation
Hands?on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
Strong experience with IAM and IGA platforms such as Entra ID, and Okta including access governance and enforcement
Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
Solid understanding of identity?based API authentication and authorization
Understanding of modern cloud, data platforms, and identity?aware application architectures
Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
Strong customer?facing communication skills, comfortable with engineers and executive stakeholders
Note:
Experience focused primarily on network security or secure service edge platforms without meaningful exposure to data discovery and access governance is unlikely to be sufficient for this role.
Preferred Certifications
CISSP or CCSP
Microsoft SC-100 (Cybersecurity Architect Expert)
Okta Consultant or Administrator certification, or equivalent IAM certification
Aqueduct Technologies is committed to developing a diverse and talented team.
We celebrate and support diversity and are committed to making an inclusive environment for all employees and applicants including women, minorities, individuals with disabilities, members of the LGBTQIA community, veterans, and any other legally protected group.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant on the basis of any status protected by federal, state, or local laws.
#J-*****-Ljbffr