Top Benefits
About the role
At Lumenalta, we partner with forward-thinking organizations to build technology solutions that scale, delight users, and accelerate business growth. Our global teams bring curiosity, commitment, and technical excellence to every project. We value transparency, autonomy, and impact—empowering every team member to do their best work.
We’re seeking an experienced Security Architect with deep cloud security expertise to join a high-stakes GCP platform engagement. This is a senior, hands-on role responsible for designing and validating the security posture of a multi-tenant cloud architecture—from VPC perimeter controls and identity propagation to penetration testing and formal security review defense. The right candidate is equally comfortable writing threat models, breaking tenant boundaries in a lab environment, and presenting architectural decisions to a formal security checkpoint panel.
Actively Hiring We are hiring for a current opening on an active client project. This is a specific, presently open role. We review applications on a rolling basis and aim to move qualified candidates through our process promptly.
What You'll Be Doing Design and enforce cloud security controls on GCP—including VPC Service Controls perimeters, Credential Access Boundaries (CABs), and least-privilege IAM policies across multi-tenant environments. Conduct penetration testing focused on tenant boundary validation, API and gs:// URI manipulation, privilege escalation paths, and lateral movement scenarios to proactively identify and close security gaps. Lead threat modeling and architectural security reviews, translating complex platform designs into structured risk assessments and actionable remediation plans. Validate identity propagation security across front-to-back delegation chains, ensuring tenant isolation is enforced at every layer of the architecture. Design and implement DLP controls, data retention policies, and compliance/audit posture frameworks aligned with regulatory and organizational requirements. Defend architectural decisions in formal security reviews—including Studio Content Security checkpoints—communicating threat mitigations, control rationale, and residual risk clearly to security review panels. Manage operational security controls, risk frameworks, and InfoSec governance to ensure confidentiality, integrity, and availability of all data assets across the platform. Identify emerging threats and vulnerabilities, implementing countermeasures and mitigations through advanced detection technologies and governance frameworks. Collaborate with engineering and product stakeholders to embed security requirements from design through delivery, removing blockers and ensuring compliance obligations are met.
What We’re Looking For 7+ years in cybersecurity or cloud security architecture, with demonstrated ownership of security design in production multi-tenant environments at scale. Deep hands-on expertise with GCP security primitives—VPC Service Controls, Credential Access Boundaries (CABs), least-privilege IAM, and Organization Policy constraints. Proven ability to conduct tenant boundary validation, API and gs:// URI manipulation testing, privilege escalation, and lateral movement assessments in cloud-native environments. Experience leading structured threat modeling sessions and architectural security reviews, producing actionable findings for engineering and leadership audiences. Strong understanding of identity propagation patterns—front-to-back delegation, service account chaining, and tenant isolation validation across distributed systems. Hands-on experience designing DLP controls, data retention policies, and audit posture frameworks aligned with regulatory requirements (GDPR, SOC 1/2, ISO 27001, and media content-security frameworks such as TPN or MPA content-security requirements, or equivalent). Demonstrated ability to present and defend architectural security decisions in formal review settings, including content security checkpoints or equivalent governance panels. Working knowledge of AWS security services (Security Hub, Control Tower, SCPs, IAM, Macie, GuardDuty) is a plus for cross-cloud engagements. Able to convey complex security concepts clearly to both technical teams and non-technical stakeholders, including executives and compliance officers. Strong written and verbal communication skills in English.
Desirable qualifications: Certified Information Systems Security Professional (CISSP) Offensive Security Certified Professional (OSCP) Google Professional Cloud Security Engineer certification
Why Lumenalta is an amazing place to work at At Lumenalta, you can expect that you will: Be 100% dedicated to one project at a time so that you can innovate and grow. Be a part of a team of talented and friendly senior-level developers. Work on projects that allow you to use leading tech.
Salary Salary range: CA$102,000 - CA$136,000 annually, with final compensation determined by your qualifications, expertise, experience, and the role's scope.
Location: This is a fully remote position; however, candidates must be based in regions that align with the Pacific, Central, or Eastern U.S. time zones to ensure effective collaboration with client and team schedules.
Benefits In addition to competitive pay, we offer a variety of benefits to support your professional and personal growth, including: Flexible working hours in a remote environment. Health insurance (medical and dental) for T4 Employees. A professional development fund to enhance your skills and knowledge. 15 days of paid time off annually. Access to soft-skill development courses to further your career.
Position Details This is a full-time position requiring a minimum of 40 hours per week, Monday through Friday.
Application Deadline Applications will be accepted until July 26, 2026. Candidates can expect feedback by August 3, 2026.
Not the right fit? Search for Security Architect jobs in Canada
About Lumenalta
We’re Lumenalta ✨
Previously known as Clevertech, we’re a group of highly-trained technologists that have supported the world’s leading brands across industries since 2000. We build custom software solutions with big business impact and have supported brands like Target, Dicom Transportation Group, and Peoplehood.
Similar Jobs
Top Benefits
About the role
At Lumenalta, we partner with forward-thinking organizations to build technology solutions that scale, delight users, and accelerate business growth. Our global teams bring curiosity, commitment, and technical excellence to every project. We value transparency, autonomy, and impact—empowering every team member to do their best work.
We’re seeking an experienced Security Architect with deep cloud security expertise to join a high-stakes GCP platform engagement. This is a senior, hands-on role responsible for designing and validating the security posture of a multi-tenant cloud architecture—from VPC perimeter controls and identity propagation to penetration testing and formal security review defense. The right candidate is equally comfortable writing threat models, breaking tenant boundaries in a lab environment, and presenting architectural decisions to a formal security checkpoint panel.
Actively Hiring We are hiring for a current opening on an active client project. This is a specific, presently open role. We review applications on a rolling basis and aim to move qualified candidates through our process promptly.
What You'll Be Doing Design and enforce cloud security controls on GCP—including VPC Service Controls perimeters, Credential Access Boundaries (CABs), and least-privilege IAM policies across multi-tenant environments. Conduct penetration testing focused on tenant boundary validation, API and gs:// URI manipulation, privilege escalation paths, and lateral movement scenarios to proactively identify and close security gaps. Lead threat modeling and architectural security reviews, translating complex platform designs into structured risk assessments and actionable remediation plans. Validate identity propagation security across front-to-back delegation chains, ensuring tenant isolation is enforced at every layer of the architecture. Design and implement DLP controls, data retention policies, and compliance/audit posture frameworks aligned with regulatory and organizational requirements. Defend architectural decisions in formal security reviews—including Studio Content Security checkpoints—communicating threat mitigations, control rationale, and residual risk clearly to security review panels. Manage operational security controls, risk frameworks, and InfoSec governance to ensure confidentiality, integrity, and availability of all data assets across the platform. Identify emerging threats and vulnerabilities, implementing countermeasures and mitigations through advanced detection technologies and governance frameworks. Collaborate with engineering and product stakeholders to embed security requirements from design through delivery, removing blockers and ensuring compliance obligations are met.
What We’re Looking For 7+ years in cybersecurity or cloud security architecture, with demonstrated ownership of security design in production multi-tenant environments at scale. Deep hands-on expertise with GCP security primitives—VPC Service Controls, Credential Access Boundaries (CABs), least-privilege IAM, and Organization Policy constraints. Proven ability to conduct tenant boundary validation, API and gs:// URI manipulation testing, privilege escalation, and lateral movement assessments in cloud-native environments. Experience leading structured threat modeling sessions and architectural security reviews, producing actionable findings for engineering and leadership audiences. Strong understanding of identity propagation patterns—front-to-back delegation, service account chaining, and tenant isolation validation across distributed systems. Hands-on experience designing DLP controls, data retention policies, and audit posture frameworks aligned with regulatory requirements (GDPR, SOC 1/2, ISO 27001, and media content-security frameworks such as TPN or MPA content-security requirements, or equivalent). Demonstrated ability to present and defend architectural security decisions in formal review settings, including content security checkpoints or equivalent governance panels. Working knowledge of AWS security services (Security Hub, Control Tower, SCPs, IAM, Macie, GuardDuty) is a plus for cross-cloud engagements. Able to convey complex security concepts clearly to both technical teams and non-technical stakeholders, including executives and compliance officers. Strong written and verbal communication skills in English.
Desirable qualifications: Certified Information Systems Security Professional (CISSP) Offensive Security Certified Professional (OSCP) Google Professional Cloud Security Engineer certification
Why Lumenalta is an amazing place to work at At Lumenalta, you can expect that you will: Be 100% dedicated to one project at a time so that you can innovate and grow. Be a part of a team of talented and friendly senior-level developers. Work on projects that allow you to use leading tech.
Salary Salary range: CA$102,000 - CA$136,000 annually, with final compensation determined by your qualifications, expertise, experience, and the role's scope.
Location: This is a fully remote position; however, candidates must be based in regions that align with the Pacific, Central, or Eastern U.S. time zones to ensure effective collaboration with client and team schedules.
Benefits In addition to competitive pay, we offer a variety of benefits to support your professional and personal growth, including: Flexible working hours in a remote environment. Health insurance (medical and dental) for T4 Employees. A professional development fund to enhance your skills and knowledge. 15 days of paid time off annually. Access to soft-skill development courses to further your career.
Position Details This is a full-time position requiring a minimum of 40 hours per week, Monday through Friday.
Application Deadline Applications will be accepted until July 26, 2026. Candidates can expect feedback by August 3, 2026.
Not the right fit? Search for Security Architect jobs in Canada
About Lumenalta
We’re Lumenalta ✨
Previously known as Clevertech, we’re a group of highly-trained technologists that have supported the world’s leading brands across industries since 2000. We build custom software solutions with big business impact and have supported brands like Target, Dicom Transportation Group, and Peoplehood.