Senior Security Engineer - Platform Engineering

Requirements

Running Phase 1 in full. This is an Insight Global layered engagement — Taylor Farms is the end client. All public sections scrubbed accordingly.

✅ ACTIVE JOB SET: Senior Security Engineer (Platform Engineering) — Taylor Farms via Insight Global. Ready for resumes.

PHASE 1: JOB INTAKE — Senior Security Engineer

Req: NSITJP00012432 | Insight Global → Taylor Farms

STEP 1: ROLE INTELLIGENCE

A. ROLE SUMMARY

This is a hybrid security engineer / automation developer role embedded within a Platform Engineering group at a large commercial food production organization. The selected candidate works under direction from Insight's vCISO serving the client, translating high-level security governance directives into platform-specific configurations and code — covering NGFW, SASE/SSE, and EDR environments. Success at 6 months looks like automated security policy enforcement running consistently across client infrastructure with minimal manual intervention, and a clean audit trail back to vCISO directives.

B. WHY THIS ROLE IS HARD TO FILL

The combination of hands-on security automation (IaC, scripting) with enterprise security stack depth (NGFW + SASE/SSE + EDR + identity) in a DevSecOps delivery context narrows the candidate pool significantly — most engineers skew either toward pure SecOps or pure DevOps, not both. The travel requirement and remote-with-visits structure will filter further.

C. RED FLAG ASSESSMENT

• ✅ Scope is well-defined
  


• ✅ Rate is at market for this stack ($115–$120 to Insight is the bill rate — candidate pay will be sub-market but workable depending on structure)
  


• ⚠️ Travel requirement is real but loosely defined ("est 3–5 trips" — west coast, quarterly) — candidates need to understand this upfront
  


• ⚠️ Layered MSP engagement (Insight Global → Taylor Farms) — two interview layers, potential rate compression on CTI's end
  


• ⚠️ Rate to Insight is the bill rate CTI sees — CTI must price off of Insight's $115–$120, not Taylor Farms directly
  

Red flag count: 2 (rate compression in layered structure + travel ambiguity) → ⚠️ CAUTION BANNER applied to Internal JD

STEP 2: RATE ANALYSIS

STEP 3: ZOHO RECRUIT RECORD

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SECTION A — JOB OPENING INFORMATION

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Posting Title: Senior Security Engineer – Platform Engineering & Automation

Job Type: Contract

Target Date: ASAP / TBD (flag for clarification from Insight Global)

Industry: Information Technology / Managed Security Services

Client Rate Max: $120.00/hr Candidate Rate Max: $90.00/hr (C2C) | $72.00/hr (W2)

Required Skills: NGFW, SASE, SSE, EDR, Security Automation, Infrastructure as Code, DevSecOps, Identity Services, Platform Engineering

Contract Length — Duration: 7 Contract Length — Duration Type: Months (possible extension)

Address: City: Remote (Salinas HQ) State/Province: CA Country: US [Check "Remote Job" box — travel required quarterly]

Forecast Details: Number of Positions: 1 Revenue per Position: ~$10,500–$12,000/month (est. based on spread)

⚠️ CAUTION: Layered MSP engagement — Insight Global is the buyer; Taylor Farms is end client. Rate ceiling is $115–$120/hr (to Insight) — candidate pay spread is tight for senior security talent. Confirm CTI's exact markup structure with Insight before submitting. Travel requirement (3–5 trips, west coast) must be disclosed and accepted by candidate before submission.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SECTION B — INTERNAL JOB DESCRIPTION

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[CONFIDENTIAL — CTI internal use only. Never distribute externally.]

CLIENT: Taylor Farms (via Insight Global) END CLIENT CONTACT: Unknown — route through Insight Global ACCOUNT MANAGER: Jason Kramer MSP/VMS: Insight Global (Buyer: Taylor Farms) | Req: NSITJP00012432

ROLE SUMMARY: Senior Security Engineer sitting inside the Platform Engineering group at a large commercial agriculture/food production company. Reporting direction flows from Insight's vCISO serving Taylor Farms. Primary work is security automation development — turning vCISO security directives into platform-enforced configurations and code across NGFW, SASE/SSE, and EDR environments. This is not a pure hands-on SecOps role — it demands scripting and IaC fluency alongside security stack depth.

KEY EXTRACTION:

• End Client Industry/Domain: Commercial food production / agriculture (Taylor Farms — large-scale produce operation)
  


• Work Model: Remote with required travel — kickoff visit (west coast, likely Salinas, CA) plus estimated 3–5 quarterly trips for collaboration
  


• Interview Process: Insight screen first → Taylor Farms client interview (INFERRED: likely 2 rounds total)
  


• Hiring Manager: Unknown — surfaces through Insight interview process
  


• MSP/VMS: Insight Global layered engagement — CTI is sub-vendor
  

RATE DETAILS (CONFIDENTIAL):

• Client Rate Max (to Insight): $115–$120/hr
  


• Candidate Pay Rate C2C: $82–$90/hr
  


• Candidate Pay Rate W2: $65–$72/hr
  


• Suggested Bill Rate (CTI to Insight): $115–$120/hr (ceiling fixed by Insight)
  


• Rate Confidence: Medium
  


• Rate Note: Spread is workable at the C2C ceiling but tight. W2 candidates will likely push to $75+/hr — be selective.
  

TOP 3 NON-NEGOTIABLES:

1. Hands-on experience with at least two of: NGFW, SASE/SSE, EDR — not just familiarity, must be able to configure and automate policies
   


2. Demonstrated security automation experience — scripting, IaC, or DevSecOps pipeline integration (not just using tools, building workflows around them)
   


3. Platform/DevSecOps delivery environment — worked within a platform engineering group or DevSecOps team, not purely a SOC or firewall admin background
   

HIRING CHALLENGE / RISK: Candidate pool that combines security stack depth with automation/IaC development skills and a platform engineering context is small. Most SecOps engineers lack IaC fluency; most DevOps engineers lack the security governance translation ability. Rate ceiling creates additional friction for senior talent with this profile.

RECRUITER SCREENING QUESTIONS:

Q1 (Validates Non-Negotiable #1 — security stack depth): Walk me through a specific environment where you've configured and managed NGFW or SASE/SSE policies. What platform? What was your ownership level — were you writing configs, reviewing them, or both? Strong answer: Names specific vendor (Palo Alto, Zscaler, Cisco, etc.), describes end-to-end config responsibility, discusses policy governance, not just break/fix.

Q2 (Validates Non-Negotiable #2 — automation depth): Tell me about a security automation you built from scratch. What triggered the build, what tools or languages did you use, and what did it replace that was manual? Strong answer: Describes a real automation project — Python/Terraform/Ansible/etc. — with before/after operational impact. Bonus: built it within a platform or DevSecOps context.

Q3 (Situation/behavior — vCISO translation and cross-team communication): Describe a time you had to take a high-level security policy directive and translate it into a technical implementation. Who did you interface with, and where did the friction show up? Strong answer: Shows ability to work between strategy and execution, names the stakeholders, describes how they resolved ambiguity — not just "I built what they asked."

SOURCING NOTES: Target engineers with 7–12 years of experience, not career SOC analysts. Best profiles come from managed security providers (MSSPs), large enterprise IT shops with mature security programs, or technology consultancies doing security engineering delivery. Avoid candidates with exclusively federal/DOD backgrounds — commercial enterprise context matters here. Remote-friendly but west coast travel tolerance is a real filter; flag this early in screens.

⚠️ CAUTION: Layered MSP deal — Insight Global owns the relationship. Do not contact Taylor Farms directly. All submissions go to Insight contact. Rate spread is tight at the senior level; do not proceed with W2-only candidates above $70/hr without confirmation that spread works. Travel requirement (3–5 trips, west coast, starting at kickoff) is non-negotiable per the job order — confirm written acceptance from candidate before submitting.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SECTION C — PUBLIC JOB DESCRIPTION

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[Safe for Zoho career page, job boards, LinkedIn — zero end client details]

About This Opportunity

CTI Consulting & Staffing is partnering with a well-established national food production organization to place a Senior Security Engineer within their Platform Engineering group. The team is scaling its security automation capability — moving from manual policy enforcement toward codified, automated configurations across a modern enterprise security stack. This role connects security governance directly to platform execution, and the person in it will have direct influence on how security policies get built, deployed, and maintained across the environment.

What You'll Do

• Design and develop automation workflows for enterprise security technologies, including next-generation firewalls, SASE/SSE platforms, and endpoint detection and response solutions
  


• Translate security directives and policies from senior security leadership into platform-specific configurations and code
  


• Ensure consistent application and maintenance of security policies across client infrastructure
  


• Integrate security best practices into platform engineering and automation workflows
  


• Provide technical expertise in identity services and emerging security technologies
  


• Collaborate across security and platform engineering teams to align implementation with strategic security governance
  


• Maintain documentation and standards for automated security configurations
  

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SECTION D — PUBLIC REQUIREMENTS

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[Paste into the Requirements field in Zoho — separate from Job Description]

What You Bring

Must-Have:

• 7+ years of security engineering experience with hands-on configuration and management of enterprise-grade security platforms
  


• Proven expertise in at least two of the following: NGFW (Palo Alto, Fortinet, or equivalent), SASE/SSE (Zscaler, Netskope, or equivalent), EDR (CrowdStrike, SentinelOne, or equivalent)
  


• Demonstrated security automation experience — scripting, infrastructure-as-code, or DevSecOps pipeline integration
  


• Experience working within a platform engineering or DevSecOps delivery environment
  


• Ability to translate high-level security governance directives into technical configurations and automated workflows
  


• Strong cross-functional communication skills — able to work across security strategy and engineering execution
  


• Comfortable with quarterly travel for on-site collaboration (estimated 3–5 trips/year, primarily west coast)
  

Nice-to-Have:

• Experience working within an MSSP or managed security delivery model
  


• Familiarity with identity services platforms (Okta, Azure AD, or equivalent)
  


• Exposure to vCISO or security advisory structures
  


• Certifications: CISSP, CCNP Security, PCNSE, or equivalent
  

Technical Environment:

• Next-generation firewalls (Palo Alto, Fortinet, or similar)
  


• SASE/SSE platforms (Zscaler, Netskope, or similar)
  


• EDR platforms (CrowdStrike, SentinelOne, or similar)
  


• Infrastructure-as-code tooling (Terraform, Ansible, or similar)
  


• Identity and access management platforms
  


• Cloud and hybrid enterprise infrastructure environments
  

What Success Looks Like:

• Security policies are consistently automated and enforced across the client environment within the first 60 days
  


• Automation workflows are documented and repeatable, reducing manual configuration overhead for the platform team
  


• Security governance directives from leadership are translated cleanly into platform configurations with no gaps or drift