Platform Security Architect

Job Description
The Company
NorthMark Compute & Cloud (NMC²) is backed by dedicated leadership and investment, with a clear mission as it operates at the bleeding edge of technology. Its goal is to scale and enhance the high-performance computing (HPC) and cloud infrastructure that supports its clients' research, production, and delivery, enabling breakthroughs that shape the industries of tomorrow. Its engineers build critical infrastructure to eliminate friction in scientific research, simulations, analysis, and decision-making, accelerating discovery and driving faster innovation.
The Position
The Platform Security Architect will partner with internal stakeholders (on-prem and cloud), customer teams, and CISO/security groups to define policies and controls. They will help implement security controls across the platform SDLC stack, CI/CD pipelines, and infrastructure. This role will help ensure compliance and policy adherence, as well as security operational excellence.
This role will provide guidance and ensure that security is embedded into every stage of software delivery, while enabling engineering teams to adopt best practices and tools. It calls for expertise in pipelines and public cloud for protecting workloads across hybrid environments.
Responsibilities:
Architect and design end-to-end security for the SDLC stack (repos, pipelines, artifact registries, deployment tooling).
Secure CI/CD pipelines: implement code scanning, dependency checks, artifact signing, and secrets management.
Establish security best practices in public cloud and on-prem infrastructure, with guidance on enforcement.
Partner with external security teams to align and enforce policies and controls.
Establish policy-as-code frameworks for automated compliance.
Define and partner with DevSecOps teams to implement network security controls using service mesh, eBPF, and Cilium (network policies, L7 visibility, workload isolation).
Define and govern identity and access management models for platform and service workloads.
Drive adoption of DevSecOps tooling across engineering teams, ensuring frictionless integration into delivery workflows.
Define audit, logging, and compliance mechanisms across all pipelines and services.
Design frameworks/tooling to prove that security requirements for NMC² are met, with separation of duties for high-integrity environments.
Drive tracking and reporting of risks raised against teams, ensuring completion on time.
Provide security-focused ADRs (Architecture Decision Records) to capture architectural rationale.
Coach engineering teams on secure design, threat modeling, and best practices.
Requirements:
10-12+ years of experience in the security discipline.
Expertise in DevSecOps tooling like Consul, Snyk, Trivy, Aqua, Anchore, SonarQube, HashiCorp Vault.
Strong experience building secure architectures in public clouds like AWS (preferably), Azure, etc.
Deep knowledge of IAM and secrets management (like Active Directory, Vault, Okta, AWS IAM).
Experience with CI/CD security: artifact signing, SBOM generation, pipeline hardening, code scanning, dependency checks
Scripting ability and automation using IaC tools.
Experience with Container security aspects: k8s policies, service mesh, eBPF for observability, intrusion detection, and runtime enforcement; cluster hardening
Experience with Consul integrations with Kubernetes, Vault, or other relevant platforms.
Proficiency in policy-as-code frameworks (e.g., OPA, Kyverno, Gatekeeper).
Familiarity with compliance benchmarks/frameworks like CIS, NIST, SOC2, GDPR.
Cloud and Security oriented certifications (like CISSP, OSCP etc.) are highly desired.
Excellent collaboration skills with security, engineering, and compliance stakeholders.
