Databricks Architect

Remote • Posted 15 hours ago • Updated 15 hours ago
Contract Corp To Corp
Contract W2
12 Months
Remote
Depends on Experience
Fitment

Dice Job Match Score™

🔢 Crunching numbers...

Job Details

Skills

  • Databricks
  • AWS
  • IAM

Summary

  • Strong understanding of Databricks classic and serverless workspace deployments on AWS, including S3, IAM, VPC design, and both front-end and back-end PrivateLink connectivity
  • Hands-on Terraform experience across both AWS and Databricks resources to deploy, configure, and manage secure workspace infrastructure
  • Working knowledge of Databricks platform security architecture, including workspace isolation, identity integration, cluster access controls, secret management, and network security patterns
  • Strong communication skills with ability to independently lead architecture enablement sessions with large customer teams
  • Preferred: prior experience taking customer teams through Databricks security accreditation process
  • Deep understanding of multi-workspace topologies hub-and-spoke VPC designs, Transit Gateway integration, shared services VPCs, and cross-account network connectivity patterns for environment isolation (dev/staging/prod)
  • Knowledge of data exfiltration prevention architectures S3 VPC endpoint policies, restrictive bucket policies, STS condition keys, regional restrictions, and how Databricks data plane traffic flows interact with these controls
  • Expertise in AWS PrivateLink at scale including endpoint services, interface endpoints, DNS resolution chains (Route 53 Private Hosted Zones, inbound/outbound resolvers), and troubleshooting connectivity failures across complex multi-account Landing Zone architectures
  • Deep knowledge of IAM trust chains in Databricks deployments cross-account assume-role patterns, instance profiles vs. credential passthrough, IAM Roles for Service Accounts (IRSA) where applicable, and the Databricks-managed IAM role boundary model
  • Understanding of credential vending and Unity Catalog's storage credential architecture how temporary credentials are scoped, session policies, external location grants, and how these map to S3 access patterns auditable by CloudTrail
  • Expertise in encryption architecture CMK (Customer Managed Keys) for workspace storage, DBFS root, managed services (notebook/secret encryption), EBS encryption, and S3 SSE-KMS with key policies restricting decrypt to specific principals; understanding of key rotation implications
  • Understanding of data classification and governance controls Unity Catalog row/column-level security, attribute-based access control patterns, dynamic views, and how these satisfy regulatory requirements (OCC, FFIEC, SOX)
  • Understanding of Databricks control plane / data plane separation what data leaves the customer's AWS account, what metadata is stored in the Databricks-managed control plane, and how to articulate this to security review boards
  • Knowledge of disaster recovery and high availability patterns workspace regional failover considerations, metastore replication, cross-region S3 replication for underlying data, and RTO/RPO implications for Databricks-dependent pipelines
  • Familiarity with patch management and image hardening Databricks Runtime AMI lifecycle, custom container support (Docker on Databricks), CIS benchmark applicability, and how to address vulnerability scanning findings on ephemeral compute
  • Understanding of multi-tenancy isolation guarantees how Databricks isolates workloads between customers at the compute, storage, and network layers, and the additional controls available (dedicated VPCs, dedicated control plane for very large deployments)
  • Knowledge of identity federation patterns SCIM provisioning, SAML/OIDC integration,token lifecycle management, and how Databricks PAT/OAuth tokens interact with enterprise session management
  • Enterprise Secrets Vault Integration: Practical experience architecting interim and native secrets retrieval pipelines, specifically leveraging HashiCorp Vault or CyberArk to manage rotated service principal client secrets and runtime on-premises database credentials.
  • Very strong understanding of terraform modules for databricks and aws
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10315040
  • Position Id: 9027246
  • Posted 15 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Remote

Today

Easy Apply

Contract, Third Party

Depends on Experience

Remote

3d ago

Easy Apply

Contract, Third Party

$60 - $70

Remote

Yesterday

Easy Apply

Contract, Third Party

$70 - $80

Remote

6d ago

Easy Apply

Full-time, Third Party

Depends on Experience

Search all similar jobs