Note: The job is a remote job and is open to candidates in USA. Databricks is the data and AI company, and they are seeking a highly skilled Lead Security Architect to join their IT team. This role involves designing and implementing secure architectures to protect corporate assets while focusing on IT security areas such as Identity and Access Management and Zero Trust architecture.
Responsibilities
• Design and implement secure, scalable reference architectures for the Databricks IT across Cloud Infra (Compute, DBs, Network, Storage), SaaS, Custom Built Applications, Data & AI systems.
• Establish and enforce security controls for:
• • Databricks Workspace Management: Workspace isolation, Unity Catalog for data governance.
• • Secure Networking: VPC configs, PrivateLink, IP Allow Lists.
• • Identity and Access Management (IAM): SSO, SCIM user provisioning, RBAC via Un, Strong MFA best practices for enterprise identities and customers
• • Data Encryption: At rest and in transit, customer-managed keys for critical assets.
• • Data Exfiltration Prevention: Admin console settings, VPC endpoint controls.
• • Cluster Security: User isolation, compliance with enhanced security monitoring/Compliance Security Profiles (HIPAA, PCI-DSS, FedRAMP).
• • Offensive Security: Test and challenge the effectiveness of the organization’s security defenses by mimicking the tactics, techniques, and procedures used by actual attackers.
• • Non-human Identity Management: Design and implement secure authentication and authorization for automated systems (service accounts, API keys, machine identities), focusing on automation and integration with existing identity management systems.
• • IAM Best Practices: Develop and document comprehensive Identity and Access Management policies, including user provisioning, de-provisioning, access reviews, privileged access management, and multi-factor authentication, ensuring security and compliance.
• • Data Loss Prevention (DLP): Implement DLP solutions to identify, monitor, and protect sensitive data across endpoints, networks, and cloud environments, preventing unauthorized access, use, or transmission.
• • SaaS Proxy Design and Implementation: Design and implement cloud-based proxies for SaaS applications (SASE solutions) to provide secure access, enforce security policies, monitor user activity, and protect against threats.
• • Cloud Infrastructure Best Practices: Establish and document best practices for VPC configurations, cloud networking, and infrastructure as code using Terraform, ensuring secure network segmentation, routing, firewalls, and VPNs for consistent, automated, and secure deployments.
• • Least Privilege Access for Data Security: Design and implement data security controls based on the principle of least privilege, ensuring users and systems have only the minimum necessary access through fine-grained controls, data classification, and regular access reviews.
• Guide internal IT on Databricks’ security and compliance certifications (SOC 2, ISO 27001/27017/27018, HIPAA, PCI-DSS, FedRAMP), and support security reviews/audits.
• Support incident response, vulnerability management, threat modeling, and red teaming using audit logs, cluster policies, and enhanced monitoring.
• Stay current on industry trends and emerging threats in GenAI, AI Agentic flow, MCPs to enhance security posture.
• Advise executive leadership on security architecture, risks, and mitigation.
• Mentor security engineers and developers on secure design and best practices.
Skills
• Minimum 12 years in cybersecurity, with 5+ in security architecture or senior technical roles
• Must have direct experience designing and securing enterprise platforms in complex multi-cloud environments, deep knowledge of enterprise architecture and security features (control plane/data plane separation, network infra, workspace hardening, network segmentation/isolation), and hands-on experience automating security controls with Terraform and scripting
• Proven expertise securing data analytics pipelines, SaaS integrations, and workload isolation in enterprise ecosystems
• Experience with Enterprise Security Analysis Tools and monitoring/security policy optimization
• Deep experience in threat modeling, design, PoC, and implementing large-scale enterprise solutions
• Extensive hands-on experience in AWS cloud security, network security, with knowledge of Zero Trust, Data Protection, and Appsec
• Strong understanding of enterprise IAM systems (Okta, SailPoint, VDI, Entra ID) and Data Protection
• Expert experience with SIEM platforms, XDR, and cloud-native threat detection tools
• Expert in web application security, OWASP, API security, and secure design and testing
• Hands-on experience with security automation is required, with proficiency in AI-assisted development, Python, Cursor, Lambda, Terraform, or comparable scripting/IaC tools for operational efficiency
• Ability to influence stakeholders and drive alignment
• Strategic thinker with a passion for security innovation, continuous improvement, and building scalable defenses
• Experience in FedRAMP High systems/GovCloud preferred
• Industry certifications like CISSP, CCSP, CEH, AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional, or AWS Certified Advanced Networking – Specialty (or equivalent) are preferred
Education Requirements
• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• Master’s degree in Computer Science specifically in Information Security or a related discipline is strongly preferred
Benefits
• Annual performance bonus
• Equity
Company Overview
• Databricks is a data and AI platform that unifies data engineering, analytics, and machine learning on a lakehouse architecture. It was founded in 2013 and is headquartered in San Francisco, California, USA, with a workforce of 5001-10000 employees. Its website is https://www.databricks.com.
Company H1B Sponsorship
• Databricks has a track record of offering H1B sponsorships, with 318 in 2025, 319 in 2024, 227 in 2023, 222 in 2022, 166 in 2021, 64 in 2020. Please note that this does not guarantee sponsorship for this specific role.