Lumin DigitalRemote
Senior Security Platform Engineer
United States of America
Full Time
1 week ago
Visa Sponsor
Key skills
Security Platform EngineeringInfrastructure-as-CodeTerraformPythonKubernetesEKSGitOpsArgoCDKustomizeOpenSearchAWS Cloud InfrastructureAWS IAMAWS KMSCloud Security Best PracticesSOC 2 Trust Services CriteriaPCI Data Security StandardCIS BenchmarksAWS Well-Architected FrameworkPolicy-as-Code FrameworksCI/CD AutomationMonitoring and ObservabilityReliability EngineeringIncident ManagementCapacity PlanningNetwork PoliciesRBACPod Security StandardsCross-team InfluenceAnalyticsAWSIAMPerformance OptimizationCI/CDMentoring
About this role
Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. The Senior Security Platform Engineer will lead the design and continuous improvement of security infrastructure, mentor engineers, and partner with various teams to embed security principles across workflows.
Responsibilities:
- Architect and own multi-region, multi-account telemetry systems that support ingestion, storage, and analysis of security-relevant data at scale — including logging clusters, ingest pipelines, and alerting systems that enable detection and response capabilities across the platform
- Define and lead the design of infrastructure-as-code (primarily Terraform) standards that codify cloud environments and security services, enforcing consistency, auditability, and separation of duties across hundreds of environments; establish reusable modules and frameworks other teams can adopt
- Design and lead deployment workflows using GitOps patterns (ArgoCD, Argo Workflows, Kustomize) to manage security infrastructure across multiple AWS accounts and regions; define guardrails and pipeline controls that improve deployment security organization-wide
- Lead the design and rollout of policy-as-code frameworks that automate security controls at scale — establishing patterns that teams across engineering can build on rather than requiring per-team implementation
- Write and maintain production-quality Python applications and tooling that support platform operations, including automation, integration, and internal utilities — with a strong emphasis on code quality, testing, maintainability, and serving as a model for engineering standards
- Architect and enforce Kubernetes security posture across EKS workloads — defining RBAC standards, network policies, and deployment safeguards that minimize lateral movement and blast radius; serve as the technical authority on container security patterns for the organization
- Set service-level objectives (SLOs) for security infrastructure services, lead capacity planning, define monitoring strategy, and drive continuous performance optimization for logging pipelines, monitoring systems, and security fabric components
- Lead incident response for complex or high-severity security infrastructure issues — including technical decision-making during active incidents and facilitating thorough post-incident reviews that produce lasting improvements to reliability and runbooks
- Design and own OpenSearch environments supporting security use cases, including index management strategy, performance tuning, access control architecture, and operational standards for teams managing these environments
- Design and maintain secure cross-account and multi-region infrastructure patterns — including KMS, IAM roles, and VPC configurations — and establish standards that ensure consistent security posture across environments at scale
- Mentor engineers across Security Engineering and partner teams by providing technical guidance, sharing best practices through documentation and code review, and fostering a culture of secure, reliable, well-tested engineering
- Drive initiatives that embed security into developer workflows — including secure ephemeral environments, secrets management pipelines, and test isolation patterns — partnering with core engineering teams to reduce friction and increase adoption
- Partner with engineering, platform, and product leaders to prioritize security objectives, influence architecture decisions, and shape cross-functional initiatives that improve security posture across the organization
- Evaluate new tools, patterns, and approaches through proof-of-concept work; validate technical direction before broader commitment and communicate findings and recommendations clearly to both technical and non-technical stakeholders
- Support internal security audits by ensuring data fidelity, maintaining comprehensive logs, and automating evidence collection to reduce manual burden on the team
- Perform other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent self-directed study with demonstrated competency in security operations, cloud engineering, or platform reliability required
- Six (6) or more years of professional experience in security engineering, platform reliability, cloud infrastructure, or site reliability engineering, with significant hands-on infrastructure ownership required
- Four (4) or more years of experience designing and operating cloud-native services in AWS, including CI/CD automation, monitoring and observability, and infrastructure-as-code at scale required
- Demonstrated experience architecting infrastructure that deploys consistently across many environments — multi-account, multi-region, or multi-tenant architectures — required
- Hands-on experience with Kubernetes (EKS preferred), Terraform, GitOps workflows (ArgoCD, Kustomize), and OpenSearch or equivalent log analytics platforms required
- Proven proficiency in Python as a production development language, including experience with testing frameworks and building maintainable, well-documented tooling or applications required
- Proven track record of mentoring engineers, leading technical initiatives, and driving measurable improvements to reliability and security posture across an organization required
- Experience designing and implementing policy-as-code or automated compliance frameworks preferred