Senior Security Platform Engineer
Quick Summary
Basic Function
The Senior Security Platform Engineer leads the design, operation, and continuous improvement of the core infrastructure that powers security detection, observability, and response at Lumin Digital. This is a senior individual contributor role that blends deep technical expertise with strategic ownership: you will architect secure and scalable systems at multi-region, multi-account scale; set technical direction for security platform capabilities; mentor engineers across the organization; and partner with engineering, platform, and product leaders to embed security-by-default principles across developer workflows. Day-to-day work spans infrastructure-as-code development, Python application development, reliability engineering, and on-call leadership for security-critical systems. Engineers in this role think in terms of reusable frameworks, long-term operational resilience, and the downstream impact of their decisions on the broader engineering organization.
Responsibilities
- Architect and own multi-region, multi-account telemetry systems that support ingestion, storage, and analysis of security-relevant data at scale — including logging clusters, ingest pipelines, and alerting systems that enable detection and response capabilities across the platform.
- Define and lead the design of infrastructure-as-code (primarily Terraform) standards that codify cloud environments and security services, enforcing consistency, auditability, and separation of duties across hundreds of environments; establish reusable modules and frameworks other teams can adopt.
- Design and lead deployment workflows using GitOps patterns (ArgoCD, Argo Workflows, Kustomize) to manage security infrastructure across multiple AWS accounts and regions; define guardrails and pipeline controls that improve deployment security organization-wide.
- Lead the design and rollout of policy-as-code frameworks that automate security controls at scale — establishing patterns that teams across engineering can build on rather than requiring per-team implementation.
- Write and maintain production-quality Python applications and tooling that support platform operations, including automation, integration, and internal utilities — with a strong emphasis on code quality, testing, maintainability, and serving as a model for engineering standards.
- Architect and enforce Kubernetes security posture across EKS workloads — defining RBAC standards, network policies, and deployment safeguards that minimize lateral movement and blast radius; serve as the technical authority on container security patterns for the organization.
- Set service-level objectives (SLOs) for security infrastructure services, lead capacity planning, define monitoring strategy, and drive continuous performance optimization for logging pipelines, monitoring systems, and security fabric components.
- Lead incident response for complex or high-severity security infrastructure issues — including technical decision-making during active incidents and facilitating thorough post-incident reviews that produce lasting improvements to reliability and runbooks.
- Design and own OpenSearch environments supporting security use cases, including index management strategy, performance tuning, access control architecture, and operational standards for teams managing these environments.
- Design and maintain secure cross-account and multi-region infrastructure patterns — including KMS, IAM roles, and VPC configurations — and establish standards that ensure consistent security posture across environments at scale.
- Mentor engineers across Security Engineering and partner teams by providing technical guidance, sharing best practices through documentation and code review, and fostering a culture of secure, reliable, well-tested engineering.
- Drive initiatives that embed security into developer workflows — including secure ephemeral environments, secrets management pipelines, and test isolation patterns — partnering with core engineering teams to reduce friction and increase adoption.
- Partner with engineering, platform, and product leaders to prioritize security objectives, influence architecture decisions, and shape cross-functional initiatives that improve security posture across the organization.
- Evaluate new tools, patterns, and approaches through proof-of-concept work; validate technical direction before broader commitment and communicate findings and recommendations clearly to both technical and non-technical stakeholders.
- Support internal security audits by ensuring data fidelity, maintaining comprehensive logs, and automating evidence collection to reduce manual burden on the team.
- Perform other duties as assigned.
- While performing the duties of this job, the employee is regularly required to sit; use hands to type, handle, or feel; and talk or hear.
- Specific vision abilities required by this job include close vision.
- Ability to occasionally lift/move up to 25 pounds.
- Individuals with a disability who are otherwise able to perform the essential functions of the job may request reasonable accommodation through the Human Resources department.
- Bachelor’s degree in Computer Science, Information Security, or a related field; or equivalent self-directed study with demonstrated competency in security operations, cloud engineering, or platform reliability required.
- Six (6) or more years of professional experience in security engineering, platform reliability, cloud infrastructure, or site reliability engineering, with significant hands-on infrastructure ownership required.
- Four (4) or more years of experience designing and operating cloud-native services in AWS, including CI/CD automation, monitoring and observability, and infrastructure-as-code at scale required.
- Demonstrated experience architecting infrastructure that deploys consistently across many environments — multi-account, multi-region, or multi-tenant architectures — required.
- Hands-on experience with Kubernetes (EKS preferred), Terraform, GitOps workflows (ArgoCD, Kustomize), and OpenSearch or equivalent log analytics platforms required.
- Proven proficiency in Python as a production development language, including experience with testing frameworks and building maintainable, well-documented tooling or applications required.
- Proven track record of mentoring engineers, leading technical initiatives, and driving measurable improvements to reliability and security posture across an organization required.
- Experience designing and implementing policy-as-code or automated compliance frameworks preferred.
- Advanced knowledge of cloud security best practices and working fluency with compliance frameworks including SOC 2 Trust Services Criteria, PCI Data Security Standard, CIS Benchmarks, and the AWS Well-Architected Framework.
- Deep technical expertise with Kubernetes security (RBAC, network policies, pod security standards), CI/CD pipeline hardening, AWS IAM and encryption patterns, and cloud-native systems security.
- Advanced expertise with infrastructure-as-code tools (Terraform) and pipeline automation for secure, auditable deployments across many environments.
- Strong foundation in reliability engineering practices — including SLO development, capacity planning, incident management, and designing for operational resilience — applied in a security or compliance-sensitive context.
- Excellent troubleshooting and incident management skills across distributed systems; ability to lead technical resolution under pressure and drive lasting improvements through structured post-incident review.
- Demonstrated ability to translate technical security requirements into reusable frameworks, shared libraries, and engineering patterns that scale across teams.
- Strong mentorship and cross-team influence skills; able to raise the technical bar through code review, documentation, architecture guidance, and direct coaching.
- Strong written communication and documentation skills; able to explain infrastructure decisions and architectural tradeoffs to both technical and non-technical stakeholders including engineering leadership.
- Ability to prioritize and influence security objectives in roadmap discussions, balancing long-term platform health against near-term delivery commitments.
- Comfort working in a fully remote, async-first environment where proactive communication, thorough documentation, and reaching out via Slack are essential to day-to-day effectiveness.
- Calm under pressure, with the ability to triage operational issues, lead cross-team coordination, and maintain clear communication during high-severity incidents.
- Minimal, generally 12 days or less per year, approximately two team get-togethers per year.
Listing Details
- Posted: July 10, 2025
- First seen: March 26, 2026
- Last seen: April 23, 2026
Posting Health
- Days active: 27
- Repost count: 0
- Trust Level: 43%
- Scored at: April 23, 2026