Note: The job is a remote job and is open to candidates in USA. Lumenalta is a technology solutions company that partners with organizations to drive business growth through innovative solutions. They are seeking a Senior DevSecOps / Site Reliability Engineer to enhance the security posture of a high-traffic digital platform on GCP, focusing on integrating security within CI/CD processes and maintaining system reliability.
Responsibilities
- Wire security scanning into CI/CD pipelines before merge — standing up automated vulnerability management, policy-enforcement gates, secret scanning, and branch protections (with Wiz, the platform’s CNAPP) so issues are caught before they reach production
- Review and harden GCP IAM configurations for least privilege — identifying over-permissioned users, service accounts, roles, and bindings across the platform, and remediating them through Terraform
- Configure and maintain Fastly WAF rules targeting scraping, abuse, and edge-level threats — including rate limiting, edge authentication, and traffic shaping to protect platform integrity
- Assist with Google Cloud PAM (Privileged Access Management) implementation — establishing just-in-time access workflows and reducing standing privileges across the environment
- Own and extend IaC (Terraform) for GCP provisioning — ensuring changes are version-controlled, reviewed, and applied with security and least privilege as first-order constraints
- Support Cloud Run workloads across the platform — contributing to the deployment, observability, and reliability of containerized services without deep Kubernetes overhead
- Implement and maintain observability and alerting using New Relic and GCP-native tooling — keeping incident detection, SLO tracking, and reliability signals in place and actionable
- Contribute broadly across SRE functions—incident response, on-call support, reliability improvements, and platform hardening—wearing multiple hats as needed within a collaborative, high-ownership team
- Execute independently on Jira tickets from day one, operating with strong ownership and minimal ramp time in a fast-moving engineering environment
Skills
- Production GCP experience — hard requirement. Hands-on ownership in live GCP environments. AWS-only backgrounds do not qualify; lab or certification exposure does not substitute for production ownership
- Senior DevSecOps or security-focused SRE background, with a track record of maturing security posture on live, high-traffic platforms
- Security in CI/CD. Proven experience implementing vulnerability scanning, security and policy gates, secret scanning, and branch protection within CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent). Experience with Wiz—or a comparable CNAPP such as Prisma Cloud, Aqua, or Snyk—for vulnerability and cloud-posture management
- GCP IAM least privilege. Deep experience reviewing and remediating IAM configurations (service accounts, roles, bindings) for least privilege
- Production Terraform for GCP. Provisioning and IAM management in Terraform, applied with least privilege as a first-order constraint
- Fastly WAF and edge security. Hands-on experience configuring WAF rules for scraping, abuse, and edge-level threats, plus rate limiting and edge authentication. Strong experience with a comparable CDN/WAF platform is acceptable if Fastly is not direct
- Cloud Run. Experience deploying and operating containerized workloads on Cloud Run
- Observability and alerting. Configuring monitoring, alerting, and SLO tracking (New Relic and/or GCP-native tooling) for reliability and incident detection
- Familiarity with GCP Privileged Access Management for just-in-time access and standing privilege reduction
- Broad infrastructure-as-code practice beyond Terraform—policy-as-code, drift detection, IaC security scanning
- Understanding of CDN topology, DNS routing, and edge authentication patterns
- Comfort in a fast-moving, high-ownership environment where engineers wear multiple hats across security, SRE, and platform
Benefits
- This is a fully remote position; however, candidates must be based in regions that align with the Pacific, Central, or Eastern U.S. time zones to ensure effective collaboration with client and team schedules.
Company Overview