Director of Security Engineering

As our Lead Security Engineer, you'll own and elevate Arcana's overall security posture - cloud, on-prem, and everything in between. You'll design and enforce policies, automate controls, and harden infrastructure end-to-end. While your primary focus will be on our GCP resources, you'll also partner with teams across networking, applications, and compliance to ensure we're secure by design and resistant to drift.

• →Enterprise Security Architecture - Governance and Compliance, including driving adherence to ISO 27001, SOC 2, GDPR, and enforcing CIS benchmarks on all infrastructure.
• →Policy, Automation, and Guardrails - own the end-to-end security lifecycle by defining policy-as-code, embedding continuous compliance checks into CI/CD, and building automated, drift-resistant guardrails across cloud, containers, and VMs.
• →Infrastructure Hardening and Drift Detection - implement automated drift alerts and self-healing playbooks for VPCs, firewall rules, Kubernetes clusters, and endpoints.
• →Monitoring, Logging, and Incident Response - configure Cloud Audit Logs, SIEM exports, and custom alerts for critical security events; lead root-cause investigations, build detection logic, and develop runbooks for cloud-wide incidents.

• 5+ years driving security and compliance in dynamic, regulated environments- securing cloud-native platforms and hybrid infrastructures, with deep familiarity in fintech and portfolio-management standards, and best practices for supporting distributed, remote teams.
• Deep expertise with GCP security (IAM, KMS, VPC Service Controls, Cloud Logging/Audit, WAF, SecOps) and Kubernetes application hardening.
• Strong Infrastructure-as-Code skills (Terraform or equivalent) and GitOps experience (ArgoCD, Flux).
• Proficiency in Python scripting and policy-as-code frameworks (OPA, Gatekeeper).
• Excellent communicator - able to translate technical findings into clear policies and remediation plans.

• Familiarity with multi-cloud security controls.
• Security certifications (GCP Professional Security Engineer, CISSP, CKA/CKS).
• Experience with service mesh (Istio/Anthos) or zero-trust architectures.