Senior Infrastructure Engineer, Cloud Security
About the team
We're looking to expand our Cloud Infrastructure team with a Senior Infrastructure Engineer, Cloud Security to lead the security-facing evolution of our platform. We run hundreds of services in production, which enable us to process billions of transactions, consume multiple terabytes of data, and produce millions of logs per day — and our cloud security posture needs to evolve to match that scale. In this role, you will own the security posture of our cloud infrastructure while continuing to contribute to the day-to-day engineering work of the team.
- Evolving our AWS account strategy, VPC design, and workload segmentation as our infrastructure footprint grows
- Owning our firewalls, and edge security strategy across our cloud footprint
- Enhancing our IaC security scanning, Terraform module governance, and pipeline security for our infrastructure deployments
- Owning and evolving our vulnerability management, misconfiguration detection, and SIEM strategy
- Setting the security bar for our AI products and AI-adjacent developer tooling, in partnership with product, InfoSec, and IT
- Contributing to day-to-day Cloud Infrastructure work alongside your security specialty — Terraform reviews, platform backlog, on-call rotation
About you
You have 6+ years of hands-on cloud engineering experience, with substantial time spent on cloud security in production — IAM, network architecture, blast-radius reduction, and vulnerability management
You write production Terraform fluently and have experience authoring custom IaC security scanning rules, pinning module versions, and hardening CI/CD pipelines
You have deep experience in at least one major cloud (AWS preferred, GCP acceptable), including account strategy, network design, and least-privilege IAM
You treat detection as a product and have experience consolidating vulnerability and misconfiguration programs where tooling produced more noise than signal
You have evaluated SIEM approaches — vendor-hosted, self-operated, or hybrid — and can make a principled choice for a given organization's scale and risk tolerance
You believe that secure defaults and paved roads are more effective than gates and approvals; low-friction compliance is the goal
You understand the security implications of LLMs, agents, and AI-enabled developer tooling, and can set a reasonable bar for their safe adoption
You work well on a collaborative Cloud Infrastructure team and partner effectively with InfoSec, IT, and parent-company security functions
Bonus points
- Led a cloud security migration or modernization project where you defined the vision, approach, and delivered the implementation
- Built or open-sourced internal security tooling, libraries, or scanning rules that improved how teams work with cloud infrastructure
- Translated compliance frameworks (SOC 2, PCI-DSS, or GLBA) into engineering controls without creating friction for development teams
- Have hands-on experience securing production AI or ML systems — including prompt injection defenses, agent sandboxing, or model supply chain risk
Benefits
We offer:
- Health, Dental & Vision Plans
- Competitive Pay
- 401k Matching
- Unlimited PTOLunch daily (in-office only)
- Snacks & Coffee (in-office only)
- Commuter benefits (in-office only)
Additional information
Salary range of $150,000 - $200,000/year + bonus + benefits. Base pay offered may vary depending on job-related knowledge, skills, and experience.