At Lumenalta, we partner with forward-thinking organizations to build technology solutions that scale, delight users, and accelerate business growth. Our global teams bring curiosity, commitment, and technical excellence to every project. We value transparency, autonomy, and impact—empowering every team member to do their best work.
We’re seeking a Senior DevSecOps / SRE Engineer to support a high-traffic, mission-driven digital platform running on GCP. This is a senior, hands-on DevSecOps role focused on maturing the client’s security posture while contributing broadly across the platform and SRE function. You’ll ship from day one - wiring security into the CI/CD pipeline, hardening cloud access and identity, and helping keep a high-traffic platform reliable and secure.
Actively Hiring
We are hiring for a current opening on an active client project. This is a specific, presently open role. We review applications on a rolling basis and aim to move qualified candidates through our process promptly.
What You’ll Be Doing
- Wire security scanning into CI/CD pipelines before merge — standing up automated vulnerability management, policy-enforcement gates, secret scanning, and branch protections (with Wiz, the platform’s CNAPP) so issues are caught before they reach production.
- Review and harden GCP IAM configurations for least privilege — identifying over-permissioned users, service accounts, roles, and bindings across the platform, and remediating them through Terraform.
- Configure and maintain Fastly WAF rules targeting scraping, abuse, and edge-level threats — including rate limiting, edge authentication, and traffic shaping to protect platform integrity.
- Assist with Google Cloud PAM (Privileged Access Management) implementation — establishing just-in-time access workflows and reducing standing privileges across the environment.
- Own and extend IaC (Terraform) for GCP provisioning — ensuring changes are version-controlled, reviewed, and applied with security and least privilege as first-order constraints.
- Support Cloud Run workloads across the platform — contributing to the deployment, observability, and reliability of containerized services without deep Kubernetes overhead.
- Implement and maintain observability and alerting using New Relic and GCP-native tooling — keeping incident detection, SLO tracking, and reliability signals in place and actionable.
- Contribute broadly across SRE functions—incident response, on-call support, reliability improvements, and platform hardening—wearing multiple hats as needed within a collaborative, high-ownership team.
- Execute independently on Jira tickets from day one, operating with strong ownership and minimal ramp time in a fast-moving engineering environment.
What We’re Looking For
- Production GCP experience — hard requirement. Hands-on ownership in live GCP environments. AWS-only backgrounds do not qualify; lab or certification exposure does not substitute for production ownership.
- Senior DevSecOps or security-focused SRE background, with a track record of maturing security posture on live, high-traffic platforms.
- Security in CI/CD. Proven experience implementing vulnerability scanning, security and policy gates, secret scanning, and branch protection within CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent). Experience with Wiz—or a comparable CNAPP such as Prisma Cloud, Aqua, or Snyk—for vulnerability and cloud-posture management.
- GCP IAM least privilege. Deep experience reviewing and remediating IAM configurations (service accounts, roles, bindings) for least privilege.
- Production Terraform for GCP. Provisioning and IAM management in Terraform, applied with least privilege as a first-order constraint.
- Fastly WAF and edge security. Hands-on experience configuring WAF rules for scraping, abuse, and edge-level threats, plus rate limiting and edge authentication. Strong experience with a comparable CDN/WAF platform is acceptable if Fastly is not direct.
- Cloud Run. Experience deploying and operating containerized workloads on Cloud Run.
- Observability and alerting. Configuring monitoring, alerting, and SLO tracking (New Relic and/or GCP-native tooling) for reliability and incident detection.
- Familiarity with GCP Privileged Access Management for just-in-time access and standing privilege reduction.
- Broad infrastructure-as-code practice beyond Terraform—policy-as-code, drift detection, IaC security scanning.
- Understanding of CDN topology, DNS routing, and edge authentication patterns.
- Comfort in a fast-moving, high-ownership environment where engineers wear multiple hats across security, SRE, and platform.
Why Lumenalta is an amazing place to work at
At Lumenalta, you can expect that you will:
- Be 100% dedicated to one project at a time so that you can innovate and grow.
- Be a part of a team of talented and friendly senior-level developers.
- Work on projects that allow you to use leading tech.
Location
This is a fully remote position; however, candidates must be based in regions that align with the Pacific, Central, or Eastern U.S. time zones to ensure effective collaboration with client and team schedules.
Application Deadline
Applications will be accepted until July 12th, 2026. Candidates can expect feedback by July 20, 2026.

