Lead Security Architect - Cloud Data & AI Platforms
Carpenter Technology is seeking an experienced Security Architect to lead the security strategy and implementation for our next-generation cloud data & AI platforms. This full-time leadership role holds long-term responsibility for securing a unified analytics environment (built primarily on Microsoft Azure and related services) that will host highly sensitive and regulated data (including ITAR-controlled information). The role requires a visionary leader who can define multi-year security roadmaps and promote a security-first culture, as well as a hands-on expert capable of designing and deploying robust security controls. Operating with influence across both the enterprise cybersecurity team and the data/AI platform team, the Lead Architect will ensure security is embedded by design without stifling innovation, enabling Carpenter to deliver data-driven and AI solutions safely and in compliance with all requirements.

Key Responsibilities of Position:

Cloud Data & AI Platform Security Architecture: Own the security architecture and roadmap for Carpenter's cloud-based data analytics and AI platform. Develop and maintain secure design patterns that cover data ingestion, storage, processing, and AI model deployment, ensuring controls are built-in across all components. Apply Zero Trust principles in every layer (identity, network, data access, applications) to minimize risk and attack surface. Work with leadership to align security investments with business strategy and risk appetite.

Identity & Access Management (IAM): Implement robust identity and access controls across the platform. Leverage enterprise identity services (e.g. Azure AD) to enforce single sign-on, multi-factor authentication, and conditional access policies. Define role-based access control (RBAC) models for data and analytics services, ensuring users and service accounts have least-privilege access. Establish governance for workspace permissions, data access roles, and secrets management (e.g., keys, credentials) using appropriate tools.

Data Protection & Privacy: Safeguard data in transit and at rest through encryption and strong key management. Ensure all sensitive data (including ITAR-regulated content) is encrypted end-to-end with appropriate customer-managed keys and meets required cryptographic standards. Implement data masking, anonymization, and tokenization techniques where needed. Coordinate with data governance teams to define data classification and handling rules, and enforce them through technical controls.

Network & Infrastructure Security: Design the network security architecture for the data platform in collaboration with infrastructure teams. Implement secure network segmentation and firewall policies that limit exposure and lateral movement (e.g., using private endpoints, VPC/VNet isolation). Ensure any hybrid connectivity or data pipelines connecting on-premises systems to the cloud are protected via encrypted channels and strict firewall rules. Continually evaluate and harden underlying cloud infrastructure components, aligning with best practices and reference frameworks (NIST, CIS benchmarks, etc.).

Governance, Risk & Compliance: Ensure the platform complies with internal policies and external regulations. Implement governance controls to meet standards such as ITAR, CMMC/NIST 800-171, and SOC/ISO 27001 as applicable. Define and monitor adherence to infrastructure and data security baselines across dev, test, and production environments. Work closely with risk management to assess and mitigate any platform-related risks that could impact operational continuity, data privacy, or regulatory compliance. Document security controls and provide evidence for audits and assessments as needed.

Data Governance & Monitoring: Integrate data governance tools (e.g., data catalog, lineage, DLP systems) with the platform to enable sensitivity labeling, data lineage tracking, and policy enforcement for data usage. Establish continuous monitoring and auditing of user activities, data access events, and configuration changes in the platform. Aggregate logs and telemetry into the corporate SIEM for advanced threat detection and maintain detailed audit trails for forensics and compliance verification.

AI Security & Trust: Develop security and trust frameworks for AI services and agents running on the platform. Ensure AI/ML solutions respect data access controls and do not expose sensitive information. Define Responsible AI policies and implement guardrails around AI model usage (e.g., ensuring proper training data governance, limitations on autonomous actions, and bias/ethics reviews). Collaborate with data science teams to integrate security in the AI model lifecycle, from development to deployment (e.g., secure model endpoints, API protections).

Incident Preparedness & Response: Institute robust incident detection and response processes for the data & AI platform. Work with the Cybersecurity Operations Center (SOC) to tailor alerting fo