Lead Platform Security Engineer

Define and own the technical roadmap for platform security engineering across the VCF ecosystem.

Establish enterprise patterns for segmentation, identity, hardening, privileged access, compliance guardrails, and secure platform service adoption.

Lead architecture decisions across core and adjacent VCF tools, including NSX, vDefend, Aria Operations, Aria Automation, VKS, HCX, recovery tooling, and cloud-connected platform capabilities.

Serve as the senior escalation point for critical security incidents, platform risks, and design tradeoff decisions.

Partner with Infrastructure Platform leadership and Cybersecurity leadership to align platform controls with enterprise policy, risk appetite, and regulatory obligations.

Define measurable standards for control effectiveness, compliance evidence, exception management, and operational security maturity.

Lead the adoption of automation, policy-as-code, and continuous compliance capabilities to reduce manual effort and improve control consistency.

Guide secure integration of public cloud security practices, including identity, posture management, network controls, logging, encryption, and workload protection.

Review and approve high-risk changes, architectural exceptions, and control deviations affecting platform security.

Mentor senior engineers, shape career development, and build security engineering capability across the platform organization.

Schedule & Presence: This on-site role supports 24/7 operations through real-time collaboration, standard shifts occur within a 6:00 AM - 6:00 PM window, Monday through Friday. Additionally, this position requires scheduled on-call flexibility and the ability to remain reasonably reachable during off-hours for critical business continuity.

Expert-level experience with VCF ecosystem components beyond core virtualization, including Aria suite, VKS, NSX Advanced Load Balancer, HCX, Live Recovery, or comparable platform services.

Experience establishing cloud security standards for Azure and/or AWS in a hybrid operating model.

Experience with zero trust architecture, continuous compliance, and security reference architecture development.

Experience presenting technical risk, control posture, and roadmap decisions to senior leadership.

CISSP, CCSP, CISM, VMware advanced certification, or equivalent senior-level certifications.

Required Qualifications

Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field; or equivalent practical experience.

Minimum 8 years of progressive experience in infrastructure security, platform engineering, cloud security, or security architecture.

Deep expertise in VMware vSphere, NSX, and platform-native security control design.

Demonstrated leadership in hybrid cloud security, compliance engineering, or enterprise platform security architecture.

Strong experience with regulatory or control-based environments and translating policy into enforceable technical standards.

Proven experience leading cross-functional initiatives involving infrastructure, security, architecture, operations, and audit stakeholders.

Advanced automation and security engineering experience in enterprise-scale environments., If you are required to drive for us, we require a valid driver's license and compliance with our vehicle policy.

At HDR, our employee-owners are fully engaged in creating a welcoming environment where each of us is valued and respected, a place where everyone is empowered to bring their authentic selves and novel ideas to work every day. As we foster a culture of inclusion throughout our company and within our communities, we constantly ask ourselves: What is our impact on the world? Watch Our Story:' https://www.hdrinc.com/our-story' Each and every role throughout our organization makes a difference in our ability to change the world for the better. Read further to learn how you could help make great things possible not only in your community, but around the world., HDR is our company. Together, we build on each other's life experiences and perspectives to make great things possible every day. This shapes our collaborative culture, encourages organizational trust and connects us closer to the clients and communities we serve. Our Commitment As employee owners, we all have a role in creating an inclusive environment where each of us is welcomed, valued, respected and empowered to bring our authentic selves to work every day. Our eight Employee Network Groups (Asian Pacific, Black, Hispanic/Latino(a), LGBTQ+, People with Disabilities, Veterans, Women, Young Professionals) help create a sense of belonging and foster a supportive environment where everyone is empowered to engage and contribute. Each group has an executive sponsor and is open to all employees.We provide a comprehensive benefits package that promotes employee ownership, employee health, performance, and success, which includes medical, dental, vision, short and long-term disability, life insurance, an employee assistance program, paid time away, parental leave, paid holidays, a retirement savings plan with employer match, employee referral bonus and tuition reimbursement. The expected compensation range for this position depends upon skills, experience, education and geographical location. (Stated benefits are for full-time regular positions. Temporary and part-time roles eligible for limited benefits.) Folsom, CA; Denver, CO; Englewood, CO: $112,651 - $160,930 Minneapolis, MN; St. Paul, MN: $107,531 - $153,615 Pennington, NJ: $117,771 - $168,245 Woodcliff Lake, NJ: $128,013 - $182,875 Olympia, WA: $102,410 - $146,300