Cream City Cyber
Overview
Cream City Cyber is seeking a passionate and experienced Senior Data Security Engineer to join our team. This role focuses on analyzing, evaluating, and guiding secure data platform architectures spanning ingestion, storage, processing, orchestration, and governance across on-prem, AWS, and Azure (GCP a plus). You will split time between client-facing assessments and building internal accelerators and standards that raise the bar for data security-by-design. This is an individual contributor role reporting to the Director of Application Security.
Location: West Allis, WI
Responsibilities
Security analysis and implementation
Evaluate access models (IAM/RBAC/ABAC), network boundaries, encryption at rest/in transit, key management (KMS/HSM), secrets management (Vault/Secrets Manager/Key Vault), and data minimization, retention, and residency controls. Map and classify data flows and crown-jewel datasets across operational and analytical systems; document lineage and high-risk interfaces. Design reference architectures and guardrails; create reusable accelerators such as assessment checklists, reporting templates, policies, rules, and playbooks to standardize engagements. Define and socialize internal data platform standards and roadmap that embed security throughout the data lifecycle (modeling, contracts, quality, governance). Analyze and inspect client data platforms to determine security posture and remediation priorities across RDBMS systems as well as analytical systems such as Databricks, Snowflake, and Redshift; batch and streaming pipelines; and orchestration/transform layers (Airflow/Dagster/Prefect, dbt).
Security testing and compliance
Perform data-centric threat modeling; identify vulnerabilities and develop risk mitigation strategies for data ingestion, transformation, storage, sharing, and feature serving. Review configurations, IaC, and pipeline code (SQL/Python/Spark) for security anti-patterns; integrate automated checks into CI/CD where appropriate. Assess alignment to client-relevant frameworks and regulations, including SOC 2, ISO 27001, NIST (CSF/800-53/171), and privacy domains such as HIPAA, PCI, and CCPA/GDPR. Produce clear deliverables: assessment reports, risk registers, remediation roadmaps, data flow diagrams, and lineage/threat models; present to technical teams and executives.
Collaboration and cross-functional teamwork
Partner with client data engineers, analytics engineers, ML engineers, platform/DevOps, and security to embed security controls throughout the SDLC and data lifecycle. Collaborate with internal teams to develop an open-source reference stack and enablement materials (Spark, Delta/Iceberg, Airflow/Dagster/Prefect, dbt, Kafka/Debezium, DataHub/OpenMetadata, Great Expectations/Soda, Terraform, Vault). Support pre-sales by participating in discovery workshops, scoping, and level-of-effort estimates; contribute to proposals and client presentations. Participate in security audits and readiness activities; ensure recommendations are actionable and aligned to business goals.
Incident response and continuous improvement
Advise during data-related security incidents as needed, focusing on preventive posture and hardening guidance (no on-call expectations at this time). Track findings through remediation with clients and refine internal playbooks based on real-world outcomes. Stay current on emerging threats and platform capabilities (e.g., DSPM, DLP, zero-trust data access, data contracts); continuously improve checklists, reference architectures, and guardrails. Promote secure data storage, key rotation, and secure integrations (APIs, CDC, cross-account sharing) to prevent exfiltration and misuse.
Required qualifications
Bachelor's degree in computer science, information security, or related field, or equivalent experience; 6-8 years of professional data engineering experience. Strong SQL and Python; deep hands-on experience with tools such as Spark in production. Proven experience designing or assessing production data pipelines and Lakehouse/warehouse architectures on AWS and/or Azure. Practical experience with one or more: Databricks (Delta Lake), Snowflake, Redshift. Proficiency with Docker and modern Git-based CI/CD workflows; familiarity with Terraform or equivalent IaC for cloud/data resources. Solid understanding of data security fundamentals: IAM/RBAC/ABAC, encryption and key management (KMS/HSM), secrets management, network segmentation, least privilege. Data modeling and governance experience (star/snowflake, Lakehouse patterns, lineage, retention/classification). Strong written and verbal communication skills; able to produce clear reports, diagrams, and executive-ready recommendations. Consulting / client-facing experience or demonstrated ability to work with both engineers and executives.
Preferred qualifications
Orchestration and transformation depth: Airflow, Dagster, or Prefect; dbt. Streaming and CDC: Kafka, Kinesis, Event Hubs, Debezium; event-driven architectures and data contracts/schema registry. Data quality/observability and catalog/lineage: Great Expectations, Soda, Monte Carlo, OpenLineage; DataHub, OpenMetadata, Purview. Cloud-native governance and DLP/DSPM: AWS Lake Formation, Azure Purview; BigID, or similar. Policy-as-code and guardrails: OPA/Sentinel; Terraform module design and patterns. Regulatory and framework experience: HIPAA, PCI, CCPA/GDPR; SOC 2, ISO 27001, NIST. Certifications: AWS/GCP/Azure (Architect or Data), AWS Security Specialty, CISSP/CCSP.
Skills and competencies
Problem-solving: Think like an attacker; model data-centric threats; prioritize risks and pragmatic mitigations. Strong communication: Explain complex data security concepts to both technical and non-technical stakeholders; comfortable presenting findings. Collaboration: Effective at working across data, platform, security, and product teams to achieve secure outcomes. Continuous learning: Proactive in tracking platform releases, emerging threats, and best practices in data engineering and security. Attention to detail: Thorough and systematic in configuration reviews, architecture design, and security audits.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting