Security Platform Engineer

Summary

Join Lumin Digital's Security Engineering team as a Security Platform Engineer and build, operate, and maintain infrastructure to detect, analyze, and mitigate security threats across our cloud-native platform. This role combines site reliability engineering with a strong security focus, designing resilient, observable, and scalable security systems. You will contribute to platform integrity by designing, deploying, and maintaining security solutions, including telemetry pipelines and CI/CD workflows. You will also participate in on-call rotations, triaging incidents, and improving runbooks and monitoring. Collaboration with platform and product engineering teams is key to embedding security into system architecture and processes. The position requires a strong security mindset and experience with cloud infrastructure and security tools.

Requirements

• Associate degree in Computer Science, Information Security, or related field; or equivalent self-directed study with demonstrated competency in security operations, cloud engineering, or platform reliability required
• Three (3) years of relevant experience in cloud infrastructure, platform engineering, or security engineering
• Two (2) years of experience designing and operating cloud-native services (preferably AWS), including experience with CI/CD automation, monitoring, and infrastructure-as-code
• Experience with Kubernetes, Terraform, Git-based workflows, OpenSearch (or similar platforms), and scripting (e.g., Python or Bash) required
• Working knowledge of cloud security best practices, including the requirements and guidance from security and compliance frameworks, such as SOC 2 Trust Services Criteria, PCI Data Security Standard, the CIS Benchmarks, and the AWS Well-Architected Framework
• Technical proficiency with cloud security principles, including IAM, encryption, network segmentation, and secure telemetry collection
• Familiarity with operational practices such as capacity planning, SLO development, and incident management
• Demonstrated ability to build and support complex distributed systems using automation and configuration management
• Calm under pressure, with the ability to triage incidents and collaborate across technical and non-technical stakeholders
• Strong communication and documentation skills; able to teach and influence secure engineering practices across teams
• Ability to work independently and remotely while maintaining high levels of productivity and collaboration
• Must be able to pass requisite background checks to access sensitive information

Responsibilities

• Build and maintain infrastructure for security-focused telemetry and observability, including logging clusters, ingest pipelines, and alerting tools that enable effective detection and response capabilities
• Develop and maintain CI/CD pipeline integrations that automatically scan for vulnerabilities, enforce policy guardrails, and promote secure artifact handling across environments
• Use infrastructure-as-code tools (e.g., Terraform) to codify cloud environments and security services, enforcing consistency, auditability, and separation of duties
• Secure Kubernetes workloads by configuring RBAC, network policies, and deployment safeguards to reduce lateral movement and minimize blast radius
• Participate in an on-call rotation for security-related services, triaging incidents and contributing to post-incident reviews and durable improvements to runbooks and monitoring
• Implement and continuously improve index management, performance tuning, and role-based access controls for logging environments supporting security use cases
• Design and advocate for secure cross-account and multi-region infrastructure patterns, including the use of KMS, IAM roles, and VPC configurations to protect sensitive data in motion and at rest
• Collaborate with platform and product engineering teams to embed security into system architecture, deployment processes, and operational practices from the start
• Support internal security audits and incident response activities by maintaining logs, ensuring data fidelity, and automating evidence collection where feasible