Senior Platform Engineer, Security
Simplesense · Denver, CO · 5 days ago
HybridEngineering$180k–$235k/yrFull-time
Responsibilities
- Security Tooling & Compliance Codification: Partner with the Security Team to intake defined compliance baselines and translate them into automated configuration management playbooks for enterprise tools.
- IaC Deployment & Configuration Automation: Build, maintain, and scale automated IaC deployments to ensure operational environments and tools are managed as code.
- Access & Identity Automation: Collaborate with Security and Platform team members to automate user provisioning and access through existing application features, APIs and IaC methodologies.
- DevSecOps: Embed security concepts and tooling into the development and deployment pipeline to facilitate early identification and remediation opportunities.
- Cloud Network Security: Implement and harden automated security groups, network policies, and cloud infrastructure to securely segment dataflows across environments following Zero Trust principals.
- Secure Package Management: Deploy, configure, and maintain secure package management proxies and local repos to safeguard infrastructure pipelines and the software supply chain.
- Hands-on Engineering (70%): Write clean, reusable infrastructure code, configuration scripts, and API integrations, setting the technical pattern for secure-by-default platform architecture.
- Cross-Functional Alignment (30%): Collaborate with engineering and security teams to embed security tools directly into core infrastructure pipelines, breaking down work and resolving deployment bottlenecks.
Requirements
- Extensive professional experience (5-10 years) in platform engineering, system administration, cloud engineering, or DevSecOps, with an emphasis on security and automation.
- Proven track record of managing infrastructure-as-code (IaC) via tools like Cloudformation, Terraform, OpenTofu, or Ansible, across hybrid environments.
- Strong experience working with application APIs for configuration automation and management.
- Solid understanding of secure software supply chain mechanics, including package repositories, artifact management, and proxy configurations.
- Strong AWS cloud engineering and security background, with demonstrated experience in network topology automation, firewalls, autoscaling groups, and native security services (SecurityHub, GuardDuty, Inspector).
- Familiarity with NIST 800-53 and NIST 800-82 compliance.
- Able to work a hybrid schedule, primarily based in the Denver metro area, with an expectation of being in the office at least two or three times weekly.
- Must be a U.S. Citizen and able to obtain a DoD NIPR network account and Common Access Card (CAC).
- Current DoD 8140 Intermediate or Advanced Foundational Qualification or ability to obtain within 90 days of hire.
- Must have, or be able to obtain, a Secret Clearance.