Role Overview
As a Senior Platform Security Engineer, you will be central to safeguarding our platform's infrastructure. Your work will focus on building and refining security tooling, enforcing compliance, and embedding security practices throughout the development lifecycle. You'll collaborate closely with engineering, legal, and security teams to proactively address risks and ensure resilient, scalable systems.
Key Responsibilities
- Design, implement, and maintain internal platforms for vulnerability detection and management
- Support continuous compliance initiatives and triage application security findings
- Serve as the primary technical contact for the Global Security Team
- Ensure alignment with ISO27001, C5, and SOC2 requirements across infrastructure and services
- Integrate security controls at every stage of the platform lifecycle, from development to deployment
- Monitor, detect, and mitigate potential threats before they impact operations
- Manage and optimize Kubernetes clusters deployed across multiple geographic regions
- Develop and maintain CI/CD pipelines to support secure, reliable releases
- Ensure high availability and performance of critical services
- Respond to urgent security incidents, including DDoS events and abuse reports
- Conduct system audits in coordination with PMS teams and support secure migrations
- Advise on encryption standards, secure cloud integrations, and network configurations
- Work with Legal to interpret data protection laws and apply them to technical implementations
- Guide internal teams on infrastructure security best practices and remediation strategies
What We’re Looking For
- Proven background in platform and infrastructure security
- Strong grasp of vulnerability management and automated compliance systems
- Hands-on experience managing Kubernetes environments across regions
- Proficiency with CI/CD systems and infrastructure-as-code tools
- Ability to operate independently while supporting broader team goals
- Effective communication and collaboration skills across technical and non-technical stakeholders
- Familiarity with security frameworks including ISO27001, C5, and SOC2
- Experience identifying and resolving security misconfigurations and threats
- Knowledge of secure networking and encryption practices
- Capacity to lead during security escalations as a technical liaison
Nice-to-Have
- Experience in multi-team, large-scale technology environments
- Background in healthcare technology or Practice Management Systems (PMS)
- Previous work in regulated sectors involving data privacy and encryption compliance
- Understanding of legal requirements around data residency and privacy regulations
Technology Environment
- Kubernetes
- CI/CD pipelines
- Infrastructure as Code
- Vulnerability management platforms
- Compliance monitoring tools
- Cloud Service Provider (CSP) integrations
- Networking and encryption technologies
