The Saros Group is a consulting firm dedicated to providing high-value services at competitive costs. They are seeking a highly skilled Cloud & Data Platform Security Engineer to design, implement, and govern security controls for AWS and Databricks environments, focusing on identity and access management, compliance, and security monitoring.
Responsibilities:
- Design and enforce RBAC/ABAC policies, SCIM provisioning, and SSO/MFA for Databricks workspaces
- Manage identity lifecycle, including onboarding/offboarding and periodic access reviews
- Integrate Databricks and AWS services with enterprise IAM solutions (e.g., Azure AD, Okta)
- Implement AWS IAM roles, policies, and permission boundaries for secure data access
- Ensure secure integration between AWS, Databricks, and Microsoft Power BI for reporting
- Develop and maintain security architecture for AWS and Databricks environments supporting Power BI analytics
- Design secure data pipelines and enforce encryption in transit and at rest across AWS S3, Databricks, and Power BI
- Implement network security controls (VPC, security groups, private endpoints) for AWS and Databricks connectivity
- Lead requirements gathering sessions with stakeholders to define security needs for AWS, Databricks, and Power BI integrations
- Document security requirements, architecture diagrams, and implementation plans
- Maintain detailed security design documentation and update it as environments evolve
- Ensure traceability between business requirements and implemented security controls
- Investigate and respond to IAM-related and platform security incidents and defects
- Ensure adherence to SOC 2, HIPAA, GDPR, and internal security standards across AWS and Databricks
- Implement data governance policies for sensitive data used in Power BI reporting
- Apply Databricks Security Profile features (CIS-hardened images, FIPS 140 encryption, TLS 1.2+)
- Validate secure cluster configurations and enforce encryption policies in Databricks and AWS
- Harden AWS services (EC2, S3, IAM) following CIS benchmarks and best practices
- Partner with data engineering, BI, and cloud teams to implement security best practices
- Provide security posture reports and IAM metrics to leadership
- Support secure integration of Power BI with AWS and Databricks for enterprise reporting
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 5+ years of experience in cloud security engineering, with a focus on AWS and data platforms
- Hands-on experience securing Databricks environments and integrating with enterprise IAM solutions
- Strong knowledge of AWS security services (IAM, KMS, CloudTrail, GuardDuty, VPC)
- Expertise in Databricks security features, cluster hardening, and workspace governance
- Familiarity with Microsoft Power BI integration and secure data access patterns
- Proficiency in implementing RBAC/ABAC, SSO/MFA, and SCIM provisioning
- Understanding of encryption standards (FIPS 140, TLS 1.2+) and CIS benchmarks
- Strong analytical and problem-solving skills
- Excellent communication and collaboration abilities
- Ability to lead requirements gathering and produce clear documentation
- Comfortable working in a fast-paced, cross-functional environment
- AWS Certified Security – Specialty
- Databricks Certified Data Engineer or Security Professional
- CISSP or CISM
- Microsoft Certified: Power BI Data Analyst Associate (optional but a plus)