At Lumenalta, we partner with forward-thinking organizations to build technology solutions that scale, delight users, and accelerate business growth. Our global teams bring curiosity, commitment, and technical excellence to every project. We value transparency, autonomy, and impact—empowering every team member to do their best work.
We’re seeking an experienced Security Architect with deep cloud security expertise to join a high-stakes GCP platform engagement. This is a senior, hands-on role responsible for designing and validating the security posture of a multi-tenant cloud architecture—from VPC perimeter controls and identity propagation to penetration testing and formal security review defense. The right candidate is equally comfortable writing threat models, breaking tenant boundaries in a lab environment, and presenting architectural decisions to a formal security checkpoint panel.
Actively Hiring
We are hiring for a current opening on an active client project. This is a specific, presently open role. We review applications on a rolling basis and aim to move qualified candidates through our process promptly.
What You'll Be Doing
- Design and enforce cloud security controls on GCP—including VPC Service Controls perimeters, Credential Access Boundaries (CABs), and least-privilege IAM policies across multi-tenant environments.
- Conduct penetration testing focused on tenant boundary validation, API and gs:// URI manipulation, privilege escalation paths, and lateral movement scenarios to proactively identify and close security gaps.
- Lead threat modeling and architectural security reviews, translating complex platform designs into structured risk assessments and actionable remediation plans.
- Validate identity propagation security across front-to-back delegation chains, ensuring tenant isolation is enforced at every layer of the architecture.
- Design and implement DLP controls, data retention policies, and compliance/audit posture frameworks aligned with regulatory and organizational requirements.
- Defend architectural decisions in formal security reviews—including Studio Content Security checkpoints—communicating threat mitigations, control rationale, and residual risk clearly to security review panels.
- Manage operational security controls, risk frameworks, and InfoSec governance to ensure confidentiality, integrity, and availability of all data assets across the platform.
- Identify emerging threats and vulnerabilities, implementing countermeasures and mitigations through advanced detection technologies and governance frameworks.
- Collaborate with engineering and product stakeholders to embed security requirements from design through delivery, removing blockers and ensuring compliance obligations are met.
What We’re Looking For
- 7+ years in cybersecurity or cloud security architecture, with demonstrated ownership of security design in production multi-tenant environments at scale.
- Deep hands-on expertise with GCP security primitives—VPC Service Controls, Credential Access Boundaries (CABs), least-privilege IAM, and Organization Policy constraints.
- Proven ability to conduct tenant boundary validation, API and gs:// URI manipulation testing, privilege escalation, and lateral movement assessments in cloud-native environments.
- Experience leading structured threat modeling sessions and architectural security reviews, producing actionable findings for engineering and leadership audiences.
- Strong understanding of identity propagation patterns—front-to-back delegation, service account chaining, and tenant isolation validation across distributed systems.
- Hands-on experience designing DLP controls, data retention policies, and audit posture frameworks aligned with regulatory requirements (GDPR, SOC 1/2, ISO 27001, and media content-security frameworks such as TPN or MPA content-security requirements, or equivalent).
- Demonstrated ability to present and defend architectural security decisions in formal review settings, including content security checkpoints or equivalent governance panels.
- Working knowledge of AWS security services (Security Hub, Control Tower, SCPs, IAM, Macie, GuardDuty) is a plus for cross-cloud engagements.
- Able to convey complex security concepts clearly to both technical teams and non-technical stakeholders, including executives and compliance officers.
- Strong written and verbal communication skills in English.
Desirable qualifications:
- Certified Information Systems Security Professional (CISSP)
- Offensive Security Certified Professional (OSCP)
- Google Professional Cloud Security Engineer certification
Why Lumenalta is an amazing place to work at
At Lumenalta, you can expect that you will:
- Be 100% dedicated to one project at a time so that you can innovate and grow.
- Be a part of a team of talented and friendly senior-level developers.
- Work on projects that allow you to use leading tech.
Location
This is a fully remote position; however, candidates must be based in regions that align with the Pacific, Central, or Eastern U.S. time zones to ensure effective collaboration with client and team schedules.
Application Deadline
Applications will be accepted until July 12th, 2026. Candidates can expect feedback by July 20, 2026.

