Sr. Security Engineer (Data Security)

Aya Healthcare is a rapidly growing workforce solutions provider in the healthcare industry, seeking a Senior Security Engineer I – Data Security to join their Security Engineering team. This role focuses on designing and implementing data security controls across cloud analytics and data platforms, ensuring the protection of sensitive data throughout its lifecycle.

Responsibilities:

• Lead the design, implementation, and ongoing improvement of data security controls across Azure data services and Databricks environments, including data classification, access control, encryption, and monitoring
• Implement and operationalize Microsoft Purview capabilities such as data discovery, classification, sensitivity labeling, lineage, cataloging, and access insights across structured and unstructured data sources
• Define and enforce least-privilege access models for data platforms using Azure RBAC, Entra ID, managed identities, service principals, and Databricks workspace permissions
• Partner with privacy, compliance, and legal stakeholders to translate regulatory and contractual requirements into actionable technical controls and standards
• Perform in-depth security reviews of Azure data architectures, including storage accounts, Azure SQL, Synapse, ADLS Gen2, Event Hubs, and Databricks deployments
• Assess and remediate data-related risks in infrastructure-as-code (Terraform), platform configurations, and CI/CD pipelines
• Contribute secure-by-design patterns and reusable templates for data platforms, incorporating encryption, private networking, logging, and policy-as-code
• Design and maintain data security monitoring and alerting, integrating Purview, Azure Monitor, and Defender for Cloud workflows
• Support investigation and response for data security incidents, including exposure analysis, root cause identification, and long-term remediation
• Own documentation, standards, and security guidelines for data platforms; ensure alignment with Aya security standards and audit expectations
• Lead medium- to large-scope data security initiatives end-to-end, including requirements, design, implementation, stakeholder alignment, and measurable outcomes
• Mentor Security Engineers and partner engineers on data security best practices; act as a subject-matter expert for data protection topics
• Translate complex technical risks into clear business impact for engineering leaders and stakeholders

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
• 5+ years of experience in security engineering, with strong emphasis on data security in cloud environments
• Deep hands-on experience with Azure, including PaaS and data services (ADLS Gen2, Azure SQL, Synapse, Storage Accounts)
• Practical experience with Microsoft Purview for data governance, classification, lineage, and entitlement insights
• Hands-on experience securing Databricks environments, including workspace security, cluster policies, secrets management, and data access controls
• Strong proficiency with Terraform and infrastructure-as-code, including secure patterns and policy enforcement
• Experience with identity and access management (Entra ID, managed identities), networking (private endpoints, firewalls), and encryption
• Proficiency in scripting or automation using Python, PowerShell, or similar languages
• Strong understanding of data protection principles, privacy-by-design, and common regulatory frameworks
• Experience securing analytics and big-data platforms in regulated or highly sensitive environments
• Familiarity with data loss prevention (DLP), tokenization, masking, or privacy-enhancing technologies
• Experience integrating data security tooling with SIEM/SOC workflows
• Relevant certifications such as Azure Security Engineer Associate, Azure Data Engineer, SC-400, or equivalent