Data Engineer – Platform Focus

Role Summary

We are looking for a hands-on Data & AI Platform Infrastructure Engineer to build, secure, automate, and operate the infrastructure that supports our reporting, analytics, and AI initiatives.

This is not primarily an analytics engineering or dashboard-development role. The core need is an engineer who can take ownership of the platform work required to make our data and AI environment secure, reliable, auditable, and scalable: identity and access integration, Snowflake administration and security, network and connectivity controls, data integrations and pipelines, monitoring and operational automation, and controlled implementation of approved AI capabilities.

Because we operate in a healthcare environment, this role requires disciplined security practices, careful handling of sensitive data, strong documentation, and the ability to turn compliance requirements into practical technical safeguards. The successful candidate will use approved AI tools as a force multiplier to research, design, implement, troubleshoot, document, and automate work - while verifying outputs and maintaining security and privacy controls.

Why This Role Exists

Our data and AI platform is expanding, and platform infrastructure must keep pace. This role will reduce reliance on a single internal technical owner by establishing repeatable, documented, secure operations and taking day-to-day responsibility for technical implementation and maintenance.

The person in this role will help ensure that the right people and services have the right access, that integrations and pipelines run reliably, that platform changes are auditable, and that new AI or data services are evaluated and implemented responsibly.

Key Responsibilities

1. Identity, Access, and Snowflake Security

• Design, implement, and maintain Microsoft Entra ID (Azure AD) integration with Snowflake, including SSO and automated user/group provisioning where appropriate.

• Implement and maintain group-based role assignment, least-privilege RBAC, service-user access, key-pair authentication, warehouse access, onboarding, offboarding, and periodic access reviews.

• Maintain a clear role hierarchy and privilege model that separates administration, transformation, reporting, automation, and sensitive-data access.

• Configure and maintain masking policies, row-access controls, tags/classification, secure views, or related Snowflake governance controls as required.

• Produce access documentation and audit evidence showing who can access sensitive data and why.

2. Network Security, Platform Configuration, and Operations

• Configure, test, and maintain Snowflake network rules and network policies, IP allowlists, integration connectivity, authentication controls, and related security settings.

• Troubleshoot failed logins, blocked network connections, broken integrations, authentication problems, role/privilege issues, and platform operational failures.

• Establish repeatable deployment and change-management procedures for security and infrastructure configuration.

• Configure operational monitoring, alerts, cost/resource controls, runbooks, and maintenance procedures for the platform.

• Support security reviews, audit requests, i ---------- investigation, remediation tracking, and evidence collection.

3. Data Integrations, ETL/ELT, and Reliability

• Configure, maintain, and monitor data ingestion and integration pipelines into Snowflake, including existing and new vendor/system integrations.

• Evaluate integration options, authentication methods, data exposure, logging, failure handling, retry behavior, and operational support requirements.

• Build or maintain scripts and automations for pipeline monitoring, validation, alerting, recovery, auditing, and recurring platform administration.

• Work with dbt and downstream analytics processes as needed to ensure the underlying platform, credentials, environments, and deployments are dependable.

• Identify fragile, manual, or high-risk platform processes and implement sustainable improvements.

4. HIPAA-Aligned AI Platform Enablement and Automation

• Evaluate, configure, and implement approved AI capabilities that support data/platform operations, such as Snowflake Cortex Code, Cortex AI features, or other approved services.

• For any new AI or data service, help document data flows, permissions, sensitive-data exposure, logging/retention behavior, contractual or BAA requirements, security settings, and implementation controls before production use.

• Configure role-based permissions, usage controls, auditability, and monitoring for approved AI functions and tools.

• Use approved AI tools to accelerate infrastructure scripting, troubleshooting, documentation, testing, deployment planning, and operations automation.

• Validate AI-generated scripts, recommendations, queries, and configurations before implementation; do not treat generated output as production-ready without review and testing.

• Never enter PHI, credentials, secrets, or confidential data into tools or features that have not been approved for that use.

5. Documentation, Governance, and Team Enablement

• Build and maintain technical documentation, architecture diagrams, inventories, security baselines, implementation records, standard operating procedures, and troubleshooting runbooks.

• Document platform decisions, permissions, service accounts, authentication methods, integrations, scheduled jobs, monitoring, and recovery procedures.

• Translate recurring platform work into reusable scripts, checklists, templates, and automated controls.

• Communicate changes, risks, blockers, test results, and recommendations clearly to technical and nontechnical stakeholders.

• Partner with internal leadership, IT/security, and compliance stakeholders on approvals and risk decisions; this role implements and documents controls but is not the final legal or HIPAA compliance authority.

Initial Priorities

The initial priorities for this role are expected to include:

• Inventorying current Snowflake roles, users/service identities, warehouses, network/security policies, integrations, pipelines, scheduled jobs, and existing documentation.

• Developing and implementing a Microsoft Entra ID-to-Snowflake access-management approach, including group-to-role mapping, provisioning/deprovisioning procedures, and access-review evidence.

• Reviewing Snowflake security posture, including network rules/policies, authentication, masking/data access controls, service identities, secrets/key rotation, logging, alerts, and audit readiness.

• Establishing operational monitoring and runbooks for integrations, pipelines, security configuration, and platform failures.

• Establishing a controlled process for evaluating and enabling Snowflake AI capabilities and other AI-enabled services in a healthcare/HIPAA-regulated environment.

• Automating recurring administrative, audit, monitoring, and troubleshooting activities wherever practical and safe.

Our Current / Expected Technology Environment

Experience with every tool is not required, but the successful candidate must have strong platform fundamentals and be able to learn quickly.

• Snowflake, including security administration, RBAC, network policies/rules, service authentication, account usage/audit data, governance, and cost/warehouse management

• Microsoft Entra ID (Azure AD), SAML SSO, SCIM provisioning, and group-based access management

• SQL and Python or another scripting language

• ETL/ELT and data integration platforms; API-based integrations

• dbt and Git-based deployment workflows

• GitHub/version control and change-review processes

• Approved AI tooling for engineering and platform automation, including Snowflake Cortex Code/Cortex AI where adopted

• Healthcare/HIPAA-aligned security, privacy, access, and audit practices

Required Qualifications

• Hands-on experience administering or engineering a cloud data platform, preferably Snowflake.

• Experience with identity and access management concepts: SSO, SCIM or automated provisioning, RBAC, least privilege, service accounts, secrets, and access reviews.

• Demonstrated experience configuring or troubleshooting platform security, authentication, network/access controls, or cloud connectivity.

• Experience implementing or operating ETL/ELT pipelines, system integrations, APIs, or data-ingestion workflows.

• Strong SQL skills and ability to use Python, PowerShell, Bash, or a similar scripting language for automation and troubleshooting.

• Experience producing technical documentation, operating procedures, change plans, and audit-ready evidence.

• Sound judgment when working with confidential or regulated data and a willingness to follow documented approval and security processes.

• Demonstrated ability to use AI tools effectively for technical work while validating output, protecting sensitive information, and documenting decisions.

• Strong written English communication skills and ability to work independently with clear escalation of risk or ambiguity.

Preferred Qualifications

• Direct experience with Snowflake Business Critical environments or security/governance work involving sensitive or regulated data.

• Experience with Microsoft Entra ID integration with Snowflake, including SAML/SCIM and group-to-role mapping.

• Experience with Snowflake network policies/rules, masking policies, row access policies, audit/account usage views, key-pair authentication, tasks, alerts, resource monitors, or security integrations.

• Experience supporting healthcare, HIPAA-regulated, financial, or similarly controlled environments.

• Experience evaluating or deploying enterprise AI capabilities with data-security, privacy, contractual, and governance considerations.

• Experience with dbt Cloud, Precog or comparable integration tooling, Power Automate, GitHub, or platform CI/CD.

• Experience using infrastructure-as-code or version-controlled deployment patterns for security and platform configuration.