As our Lead Security Engineer, you'll own and elevate Arcana's overall security posture - cloud, on-prem, and everything in between. You'll design and enforce policies, automate controls, and harden infrastructure end-to-end. While your primary focus will be on our GCP resources, you'll also partner with teams across networking, applications, and compliance to ensure we're secure by design and resistant to drift.

Responsibilities:

• Enterprise Security Architecture - Governance and Compliance, including driving adherence to ISO 27001, SOC 2, GDPR, and enforcing CIS benchmarks on all infrastructure.
• Policy, Automation, and Guardrails - own the end-to-end security lifecycle by defining policy-as-code, embedding continuous compliance checks into CI/CD, and building automated, drift-resistant guardrails across cloud, containers, and VMs.
• Infrastructure Hardening and Drift Detection - implement automated drift alerts and self-healing playbooks for VPCs, firewall rules, Kubernetes clusters, and endpoints.
• Monitoring, Logging, and Incident Response - configure Cloud Audit Logs, SIEM exports, and custom alerts for critical security events; lead root-cause investigations, build detection logic, and develop runbooks for cloud-wide incidents.

Requirements:

• 5+ years driving security and compliance in dynamic, regulated environments- securing cloud-native platforms and hybrid infrastructures, with deep familiarity in fintech and portfolio-management standards, and best practices for supporting distributed, remote teams.
• Deep expertise with GCP security (IAM, KMS, VPC Service Controls, Cloud Logging/Audit, WAF, SecOps) and Kubernetes application hardening.
• Strong Infrastructure-as-Code skills (Terraform or equivalent) and GitOps experience (ArgoCD, Flux).
• Proficiency in Python scripting and policy-as-code frameworks (OPA, Gatekeeper).
• Excellent communicator - able to translate technical findings into clear policies and remediation plans.

Helpful Experience:

• Familiarity with multi-cloud security controls.
• Security certifications (GCP Professional Security Engineer, CISSP, CKA/CKS).
• Experience with service mesh (Istio/Anthos) or zero-trust architectures.