Note: The job is a remote job and is open to candidates in USA. Gerber Collision & Glass is a leading company in collision and glass services, committed to providing an elite infrastructure for its teams. They are seeking a Senior Platform Engineer to strengthen cloud security foundations across AWS and Azure, focusing on implementing security platforms and collaborating with Infrastructure Architecture.
Responsibilities
- Build and evolve cloud foundations in AWS Control Tower, including baseline standards for account structure, preventive cloud controls, and secure-by-default patterns
- Reduce privilege escalation paths by defining and enforcing least-privilege patterns, privileged role boundaries, and secure administrative workflows for cloud operations and automation
- Improve service/API security through standard patterns for workload/service identities, credential handling, and secure service-to-service access (in partnership with application and platform teams)
- Reduce lateral movement risk by implementing cloud network security architecture patterns (segmentation, controlled east-west paths, and a centralized egress/inspection approach where appropriate)
- Collaborate with the Infrastructure Architect on target designs and multi-quarter roadmaps; implement approved designs through standards, automation, and platform changes
- Design and implement security-as-code and policy-as-code enforcement in GitLab CI/CD for infrastructure and access changes, with a focus on preventing high-risk IAM and network patterns from being deployed
- Standardize secure delivery patterns through reusable pipeline templates/components and Terraform module conventions (PR-based change control, reviewable outputs)
- Secure CI/CD automation identities and secrets usage patterns in pipelines (permissions, separation of duties, and safe credential handling)
- Drive adoption across engineering teams by providing clear patterns, documentation, and reference implementations
- Design, implement, and own CyberArk across PAM, EPM, and Secrets Hub: onboarding patterns, access models, rotation workflows, elevation policies, privileged workflows, and platform automation
- Maintain and improve the current MFA/SSO platform as required, and support rationalization/consolidation toward the target platform strategy over time
- Provide standardized privileged access and secrets usage patterns that directly support cloud and CI/CD security objectives (automation identities, break-glass approach, service credential patterns)
- Establish continuous controls monitoring outcomes for cloud and platform controls (control validation, exception identification, and standardized reporting outputs)
- Provide and maintain security configurations and audit-ready outputs for control reviews (cloud controls, CI/CD enforcement controls, privileged access controls), coordinating with control owners as needed
- Translate security requirements into deployable technical standards implemented through established change processes
- Maintain documentation for platform designs, standards, CI/CD enforcement, privileged access workflows, and operational procedures
- Identify control gaps and operational inefficiencies and propose/implement targeted improvements
- Incorporate lessons learned from incidents, changes, and platform issues into standards, automation, and runbooks
- Participate in ongoing professional development to stay current with cloud security engineering practices and platform security tooling
Skills
- 5+ years of experience in platform engineering, cloud/infrastructure engineering with security ownership, and/or platform engineering in an enterprise environment
- Demonstrated experience designing and implementing security platforms, including partnering with architecture stakeholders to define target-state designs and roadmaps and executing them through technical delivery
- Strong AWS security engineering experience, including an AWS Organizations / Control Tower operating model
- Proven ability to implement preventive controls addressing privilege escalation, service/API security, and network lateral movement in cloud environments
- Strong CI/CD engineering experience with GitLab, including implementing security and policy enforcement into pipelines and PR workflows
- Proficiency with Terraform and strong automation skills using Python and/or PowerShell (API-driven integrations, repeatable tooling)
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience)
- Azure experience is a plus
- Hands-on experience with privileged access and secrets platforms: CyberArk preferred (PAM/EPM/Secrets Hub). Equivalent experience with Delinea/BeyondTrust acceptable
Benefits
- Annual Paid Time Off (PTO) plans
- 2 weeks of Paid Parental Leave for Full time Employees who work a minimum of 30 hours per week
- 6 paid holidays annually
- Medical, Prescription Drug, Dental & Vision Insurance effective Day 1
- 401(k) Retirement Plan with company match
- Employer Paid Short-Term Disability & Life Insurance
- Additional Voluntary Life Insurance
- Continuing Education Opportunities
- Free Prescription or Non-Prescription Safety Glasses annually
- Annual Voluntary Uniform Stipend
- Voluntary Daily Pay option available
- Flexible PTO Plan
- 2 weeks of paid parental leave for Full Time employees who work a minimum of 30 hour per week
- 6 paid holidays annually
- Medical, Prescription Drug, Dental & Vision Insurance
- 401(k) Retirement Plan with company match
- Employer Paid Short-Term Disability & Life Insurance
- Additional Voluntary Life Insurance
- Continuing Education Opportunities
- Free prescription or non prescription safety glasses each year
- Annual Voluntary Uniform Stipend
- Bonus opportunities tied to individual or business initiatives
Company Overview
Company H1B Sponsorship