Staff Security Platform Engineer
WFA Digital Insight
The demand for skilled security engineers has surged in recent years, with a 25% increase in job openings in 2025 alone. As companies continue to shift towards cloud-based infrastructure, the need for experts in Kubernetes security and compliance has become paramount. Gorgias, a pioneer in conversational commerce, is seeking a highly skilled Staff Security Platform Engineer to bolster its security posture. With the company's commitment to innovation and customer experience, this role offers a unique opportunity to work on cutting-edge technology and make a tangible impact on the company's growth. Before applying, candidates should be prepared to demonstrate their expertise in cloud security, compliance, and Kubernetes, as well as their ability to work in a fast-paced, dynamic environment.
Job Description
About the Role
Gorgias is seeking a highly skilled Staff Security Platform Engineer to join its team, focusing on cloud security, Kubernetes, and compliance. As a Staff Security Platform Engineer, you will play a critical role in ensuring the security and integrity of Gorgias' platform, working closely with the SRE team and engineering leadership to implement and manage essential security tools and processes. The role entails designing and implementing secure-by-default platforms, building guardrails and policy enforcement, and hardening CI/CD and IaC pipelines. You will also lead secrets management, strengthen networking fundamentals, and develop incident response playbooks. Your expertise in cloud security, Kubernetes, and compliance will be essential in driving the company's security strategy forward.
Gorgias is committed to innovation and customer experience, and this role offers a unique opportunity to work on cutting-edge technology and make a tangible impact on the company's growth.
What You Will Do
- Own cloud and Kubernetes security, including IAM, RBAC, network policies, workload identity, and GKE hardening across 10+ global clusters
- Design secure-by-default platforms, building guardrails and policy enforcement that guide teams without blocking them
- Harden CI/CD and IaC pipelines, securing GitHub Actions, ArgoCD, and Terraform workflows end-to-end
- Lead secrets management, designing and implementing decoupled secrets architecture so credentials never live in deploys or repos
- Strengthen networking fundamentals, including VPC design, peering, cross-cloud connectivity, and zero-trust segmentation
- Build security-focused logging and monitoring, designing the observability layer that catches threats, not just collects noise
- Implement runtime detection, including IDS, file integrity monitoring, and behavioral anomaly detection across GKE workloads
- Develop incident response playbooks, owning the response process end-to-end
- Manage and evolve the SIEM, driving meaningful signal-to-noise improvements and building automated mitigation where it matters
- Design and enforce strong auth standards across internal tools, APIs, and customer-facing surfaces
- Audit and mature privileged access management, ensuring least-privilege is real, not theoretical
- Own the ongoing health of SOC 2 Type II, keeping controls tight between audits, not just before them
- Drive the next compliance milestones, including ISO 27001 and data protection (PII, GDPR) as we expand enterprise and global reach
What We Are Looking For
- 5+ years of experience in infrastructure security, cloud security, or security engineering, ideally in a high-growth SaaS environment
- Deep GCP and Kubernetes expertise, including GKE, workload identity, network policies, RBAC
- Strong networking fundamentals, including VPC design, peering, firewall architecture, zero-trust networking
- Hands-on CI/CD and IaC hardening experience, including GitHub Actions, ArgoCD, Terraform security patterns
- Auth expertise, including OAuth 2.0, OIDC, SAML
- Policy-as-code experience, including OPA, Kyverno, or equivalent
- Detection and response background, including SIEM, IDS, runtime security tools, and experience writing real runbooks
- Compliance experience, including SOC 2, ISO 27001, and data protection (PII, GDPR)
Nice to Have
- Experience with cloud security platforms, such as AWS or Azure
- Knowledge of containerization and orchestration, including Docker and Kubernetes
- Familiarity with security frameworks and standards, such as NIST and ISO 27001
- Certification in security, such as CISSP or CISM
Benefits and Perks
- Competitive salary and benefits package
- Opportunity to work with a cutting-edge technology stack
- Collaborative and dynamic work environment
- Flexible working hours and remote work options
- Professional development and growth opportunities
- Access to the latest security tools and technologies
- Recognition and reward for outstanding performance
How to Stand Out
- Be prepared to demonstrate your expertise in cloud security, Kubernetes, and compliance during the interview process.
- Highlight your experience with security-focused logging and monitoring, as well as your ability to develop incident response playbooks.
- Show a deep understanding of GCP and Kubernetes, including GKE, workload identity, network policies, and RBAC.
- Emphasize your hands-on experience with CI/CD and IaC hardening, including GitHub Actions, ArgoCD, and Terraform security patterns.
- Be ready to discuss your approach to secrets management and how you would design and implement a decoupled secrets architecture.
- Research Gorgias' security strategy and be prepared to discuss how you can contribute to it.
- Prepare examples of your experience with detection and response, including SIEM, IDS, and runtime security tools.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.