Security Platform Lead

Benefits: 401(k) Dental insurance Health insurance Project Overview Project Type: Secure software and platform implementation program Security Context: Environment requiring support for FIPS 140-3 and alignment to NIST SP 800-171 / 800-172 expectations (cryptographic boundary design experience required) Project Duration: Estimated 12-month engagement from kickoff through final delivery, validation, training, and closeout. Technology Stack: Frontend --- Next.js, Backend --- Python and Java Position Summary We are seeking a Security Platform Lead to own the design and implementation of security-focused platform capabilities across identity, secrets protection, encryption-adjacent controls, access governance, secure storage, system hardening, and compliance readiness. This role is responsible for embedding security into platform architecture and delivery while supporting auditability, operational resilience, and secure engineering practices. Key Responsibilities · Lead security architecture and implementation across platform, application, and operational layers. · Design and guide implementation of secure secrets management, certificate handling, privileged access controls, and service authentication patterns. · Define security controls for identity, access, role governance, session security, audit logging, and administrative workflows. · Guide secure storage, immutability, logging integrity, and cryptographic boundary design decisions. · Define security baselines, hardening standards, and implementation guardrails for environments and services. · Review architecture, code, configurations, and workflows for security risks and mitigations. · Support incident readiness, disaster recovery planning, and operational validation from a security perspective. · Produce and review security design documents, control narratives, configuration standards, and remediation plans. Required Qualifications · Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related field, or equivalent practical experience. · 7+ years of experience in security engineering, platform security, cloud security, or secure systems design. · Direct experience designing or implementing systems that must align with FIPS 140-3 cryptographic module requirements or validated cryptographic modules where required. · Strong familiarity with NIST SP 800-171 control implementation in nonfederal environments handling CUI. · Ability to translate security requirements into technical controls for authentication, authorization, secrets handling, logging, system hardening, audit trails, and resilience. · Experience with compliance-oriented security architecture, control mapping, and technical evidence preparation. · Strong documentation and communication skills. Preferred Qualifications · Experience with NIST SP 800-172 enhanced safeguards, especially cyber resiliency, defense-in-depth, and protection of higher-value systems. · Experience with Kubernetes security, workload identity, certificate lifecycle, and secure service communication. · Experience with secrets platforms, key protection workflows, privileged access control, or hardware-backed security solutions. · Security certifications such as CISSP, CCSP, Security+, or equivalent. Success Profile · Security-first mindset. · Pragmatic and delivery-oriented. · Strong architecture discipline. · Able to work closely with developers and platform engineers. This is a remote position.