IDEXX

Data Security Architect

IDEXX$120K — $150K *
US-Anywhere
+ 4 other locationsRemote
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7-10+ years experience in data security, cloud security, or security architecture
  • Strong experience designing for cloud-native data platforms like Snowflake and Databricks
  • Expertise in SaaS and collaboration environments particularly M365 and Box
  • Proven outcomes in designing scalable data classification and protection controls
  • Experience collaborating with data engineering, app engineering, and cloud platform teams

Responsibilities

  • Define enterprise data security architecture for diverse platforms and applications
  • Establish standard control patterns for data protection and access management
  • Ensure scalable data protection across various cloud and SaaS environments
  • Design integrations for platform alignment with tools like Snowflake and Alation
  • Translate data risk insights into actionable technical requirements
  • Develop Data Security Reference Architecture for engineering teams
  • Collaborate with security governance and operational teams for effective implementation

Benefits

  • Health, dental, and vision benefits from day one
  • 5% matching 401k contribution
  • Annual cash bonus opportunity
  • Financial support for various programs
  • Pet insurance and mental health resources
  • Volunteer paid days off
  • Employee stock program and donation matching opportunities
Full Job Description

The Data Security Architect is responsible for defining the enterprise architecture, control patterns, and design standards for protecting sensitive data across IDEXX’s platforms, including Snowflake, Databricks, M365, Box, and cloud applications (AWS-first).

This role ensures that data security capabilities—such as DSPM, DLP, and data platform controls—are designed correctly, integrated across systems, and scalable, enabling consistent protection of sensitive data across the enterprise.

This is a design and architecture leadership role, focused on the “how” of data protection, not day-to-day program execution or tool operations.


In this role, you will be responsible for…

  • Data Security Architecture & Design
  • Define the enterprise data security architecture, including:
    • Data discovery and classification (DSPM integration)
    • DLP/CASB control strategy (M365, Box, endpoint)
    • Data platform security controls (Snowflake, Databricks)
    • Application/API data protection patterns (cloud-first)
  • Establish standard control patterns, including:
    • Data classification and tagging models
    • Encryption, tokenization, and masking strategies
    • Data access control models (RBAC, ABAC, RLS)
    • Data movement and sharing controls
  • Ensure consistency and scalability of data protection across SaaS, cloud, and application environments

Platform Integration & Control Alignment

  • Design and drive integration across:
    • Snowflake and Alation (data catalog and ownership mapping)
    • Entra ID (identity-driven access controls and policy enforcement)
    • M365 and Box (data loss prevention and collaboration controls)
    • Cloud environments (AWS, Azure, GCP)
  • Ensure alignment between:
    • DSPM findings
    • DLP policies
    • Data platform controls
  • Translate data risk insights into technical control implementation requirements

Reference Architecture & Engineering Enablement

  • Develop and maintain a Data Security Reference Architecture
  • Define secure design patterns and implementation guidance for:
    • Data engineering teams
    • Application development teams
    • Cloud platform teams
  • Enable engineering teams to embed data protection into systems and workflows, rather than relying solely on downstream tooling

Collaboration with Program & Engineering Teams

  • Partner with:
    • Data Security Program Lead (execution and governance)
    • Data Security Engineering Lead (implementation delivery)
    • Cyber Defense / SOC teams (operational integration)
  • Provide architectural direction and design input while ensuring:
    • Execution teams can implement effectively
    • Controls remain aligned to risk priorities

Standards, Governance & Continuous Improvement

  • Define and evolve data protection standards aligned to:
    • Data Management Policy (classification, handling, retention)
    • Regulatory requirements (HIPAA, GDPR, etc.)
  • Evaluate emerging capabilities and tools:
    • DSPM platforms
    • DLP/CASB solutions
    • Data platform-native controls
  • Continuously improve architecture based on:
    • New data risks
    • Platform evolution (Snowflake, AWS, etc.)
    • Feedback from operations and engineering


What you will need to succeed...

  • 7-10+ years experience in: Data security, cloud security, or security architecture
  • Location: We are looking for someone driving distance to our HQ in Westbrook, Maine for a flexible hybrid requirement of 8 days per month. Alternatively, we are open to those in NH or MA that can travel in less frequently.
  • Strong experience designing security for:
    • Cloud-native data platforms (Snowflake, Databricks)
    • SaaS and collaboration environments (M365, Box)
    • Enterprise identity systems (Entra ID)
  • Proven ability (via outcomes) to design and scale:
    • Data classification and tagging models
    • Data protection controls (DLP, masking, encryption)
    • Access control models (RBAC, ABAC)
  • Experience working across:
    • Data engineering
    • Application engineering
    • Cloud platform teams

Technical Expertise

  • Deep understanding of:
    • Data protection architecture and lifecycle management
    • Data platforms (Snowflake strongly preferred)
    • Cloud environments (AWS preferred; Azure/GCP familiarity)
  • Working familiarity with:
    • DSPM tools (e.g., Cyera, BigID, etc.)
    • CASB/DLP platforms (M365, endpoint, etc.)
    • Data catalog and governance tools (e.g., Alation)
  • Knowledge of:
    • Encryption, tokenization, and data masking techniques
    • Data access governance models and patterns
  • Understanding of regulatory frameworks relevant to IDEXX (GDPR, SOC2, PCI DSS)

Leadership & Professional Skills

  • Strong architectural thinking and system design capability
  • Predilection towards action to achieve outcomes and refine design
  • Ability to translate business data risk into technical architecture
  • Excellent collaboration skills across engineering and security domains
  • Ability to communicate via architectural diagrams, whitepapers, presentations
  • Strong communication skills to:
    • Influence technical and non-technical stakeholders
    • Align teams on architecture and standards
It would be a plus if you had any of these...
  • Experience implementing enterprise data security or DSPM programs
  • Background working with data engineering or analytics teams
  • Experience designing controls in Snowflake or similar platforms
  • Certifications (AWS Certified Solutions Architect, CISSP, CCSP, etc.)

What you can expect from us:
• Base annual salary target: $120000 - $150000 (yes, we do have flexibility if needed)
• Opportunity for annual cash bonus
• Health / Dental / Vision Benefits Day-One
• 5% matching 401k
• Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!

About IDEXX

IDEXX Laboratories, Inc. is an American multinational corporation engaged in the development, manufacture, and distribution of products and services for the companion animal veterinary, livestock and poultry, water testing, and dairy markets. Incorporated in 1983 and headquartered in Westbrook, Maine, and EMEA in Hoofddorp, Netherlands, IDEXX offers products to customers in over 175 countries around the world.
Learn more about IDEXX
Size
10,350 employees
Market Cap
$33.7 billion
Industry
Net Income
$581.7 million
Founded
1983
5 Year Trend
+12.6%
Revenue
$2.7 billion
NASDAQ

Similar Jobs

More Information Technology Jobs

Find similar Data Security Architect jobs: