Senior Platform Engineer, Security

What You'll Do

• Work with DevOps team to build out golden paths that streamline developer and builder workflows streamlining and applying shift left security policies on CI/CD deployment, internal tooling, LLM, and data science workflows
• Own cloud security posture on Google Cloud, landing-zone guardrails, least-privilege IAM, secrets and key management, codified as infrastructure-as-code so secure defaults are baked into golden paths rather than bolted on after
• Continuously evaluate attack surfaces across the application, infrastructure, and cloud, prioritize findings by exploitability and blast radius, and feed the highest-leverage fixes back into the platform
• Set and enforce AI-usage best practices, guardrails for agentic coding tools internally and Provide a security point of view on product AI/LLM features (prompt injection, data egress, model supply chain), in partnership with engineering leadership
• Action on improving security and compliance through a risk based approach implementing SOC2, ISO27001, and ISO27701 security and compliance frameworks
• Drive adoption and raise the security bar across engineering through better defaults, not mandates

What You Bring

• 6+ years in platform engineering, infrastructure/DevOps, or site reliability, with real depth building infrastructure, not just operating it
• Strong infrastructure-as-code skills (Terraform) and a track record of replacing ad hoc infra with reusable, self-service patterns
• Hands-on cloud depth, ideally Google Cloud (AWS or Azure translates), including IAM, networking, and least-privilege design
• Strong experience with Kubernetes and containerized workloads in production
• Practical experience embedding security tooling into CI/CD (SAST, SCA, secret scanning, supply chain controls) and building secure-by-default pipelines
• Strong programming or scripting ability (Python, Go, or similar) for building platform and automation tooling
• A security mindset: you design for least privilege and think about how things get abused, even when security is not the headline of the task
• Demonstrated ability to drive platform adoption and influence engineering teams without formal management authority

Preferred

• Experience standing up an internal developer platform or paved-road program from scratch
• Working knowledge of AI/LLM security risks and a point of view on using AI tools safely
• SOC 2, ISO 27001, or similar compliance experience in a fast-moving company
• Experience securing data warehouses or large data pipelines (Snowflake a plus)
• Familiarity with construction tech, BIM/3D data, or other domain-rich data products