Senior Platform Engineer - Security

About Us

Artlogic is a vertical SaaS company revolutionising the art industry. Founded in 1989, Artlogic has grown to become market leaders in art tech, empowering 4,500+ galleries, dealers and art professionals worldwide to streamline their operations, saving time and money. At the end of 2021, Artlogic was acquired by tech investors Cove Hill with a view to accelerate innovation and development of their core products; a SquareSpace-style solution tailored for the needs of the artworld, and an operational backbone product focused on simplifying and streamlining back office operations. Since Cove Hill's investment, the company has doubled in employee size and grown revenue to more than £10m.

About the role

We are seeking a Senior Platform Engineer with deep expertise in infrastructure security, cloud technologies, and a passion for enhancing our security posture. You will play a key role in managing our risk register, running threat models, and ensuring robust security across our platforms. You will also possess a Platform as a Product mindset and understand what is required to help move Platform Engineering towards being an enabler for our R&D Engineering function and the wider business.

Key Responsibilities

Security Leadership & Improvement:

Take ownership and lead the development and implementation of our infrastructure security roadmap, focusing on enhancing our security posture across all platforms and services.

Risk & Threat Management:

Manage our internal platform risk register and help prioritise initiatives that emerge from it. Conduct threat modelling exercises to identify and mitigate potential vulnerabilities.

Security Tooling & Metrics:

Own and manage key security tools, including Wiz.io, Acunetix, and penetration testing services. Develop and maintain security metrics to effectively track and communicate risk landscape improvements.

Collaboration & Mentorship:

Work closely with SRE, Platform Engineering, product teams, and other stakeholders to ensure that platform infrastructure is secure, reliable, and performant. Provide technical leadership and mentoring to engineers across the team.

Infrastructure Optimisation:

Continuously improve our infrastructure by using a data-driven approach to measure performance, efficiency, and security gains, focusing on AWS and GCP.

Stakeholder Engagement:

Actively communicate and collaborate with internal and external stakeholders to align security and platform objectives. Ensure complex technical concepts are clearly understood by non-technical audiences.

Required Skills and Experience

• Extensive experience with public cloud providers, particularly AWS and GCP, with a focus on security and infrastructure optimisation.
• Proven track record of using Infrastructure as Code (IaC) tools, including Terraform, CloudFormation, and Ansible, to build, automate, and deploy secure and scalable platforms.
• Extensive experience supporting and building scalable pipelines with CI/CD tooling like GitLab or GitHub with a security focus e.g Secure SDLC (SAST, DAST etc)
• Experience in infrastructure security, including a solid understanding of DevSecOps principles and 'Secure by Design' methodologies. Strong expertise in enhancing security across multi-tiered platforms.
• Experience nurturing and advocating for a shift left culture
• Extensive experience with Observability tooling such as Datadog or ELK
• Hands-on experience in risk management, including managing a risk register, conducting threat modelling, and using security tools like Wiz.io and Acunetix.
• Strong leadership and mentoring skills, with the ability to guide and develop junior engineers and lead technical discussions and decision-making.
• Excellent communication and stakeholder management abilities, with the capacity to explain technical details clearly and effectively to non-technical stakeholders.
• Experience in defining and tracking security metrics, providing insights to help measure risk landscape improvements.
• Strong engineering background with familiarity in modern programming languages (e.g., Python, Node.js), Test-Driven Development (TDD), and agile development practices.
• A pragmatic and strategic approach to problem-solving, valuing simplicity and scalability.
• Willingness to provide on-call support as necessary.