Skip to content
SiftstackSiftstackMarina del Rey, CA

Software Engineer, Security Infrastructure

Builds and automates security controls, tooling, and compliance for AWS, Kubernetes, and CI/CD in cloud-native environments. Requires 4+ years in security engineering with hands-on IaC, scripting, and frameworks like SOC 2/FedRAMP.

170k – 220k
Hybrid4+ YOESecurity Engineering

About the role

Responsibilities

  • Build and maintain tooling, scripts, services, and automation that assess, enforce, and monitor security and compliance controls across AWS cloud environments, Kubernetes clusters, and CI/CD pipelines.
  • Develop lightweight internal solutions (e.g., policy-as-code, custom scanners, CI/CD integrations) that make security and compliance automatic, auditable, and invisible to the rest of engineering.
  • Embed security guardrails directly into infrastructure-as-code (Terraform), container orchestration, and deployment workflows so that secure-by-default becomes the path of least resistance.
  • Partner closely with the infrastructure and platform engineering teams to harden cloud-native systems, implement access controls, encryption, logging/monitoring, and vulnerability management at scale.
  • Improve visibility into our overall security posture through automated reporting, dashboards, and real-time observability that highlight risks and control coverage.
  • Translate compliance requirements (SOC 2, FedRAMP, and related frameworks) into pragmatic, enforceable technical implementations rather than manual checklists.
  • Reduce toil by automating security workflows, compliance validation, and remediation so engineering can ship fast without compromising security.
  • Support incident response and post-incident improvements by building better observability and tooling that accelerates detection and recovery.
  • Conduct security reviews of new features, services, and infrastructure changes, providing clear guidance that helps teams design and implement secure solutions.

Requirements

  • 4–7+ years of hands-on experience in security engineering, platform/DevSecOps, or cloud infrastructure roles (founding or early-stage security builder experience strongly preferred).
  • Proven track record shipping production-grade security automation in cloud-native environments (AWS strongly preferred).
  • Deep familiarity with implementing technical controls for SOC 2, FedRAMP, or similar frameworks in real production systems.
  • Strong proficiency in scripting and automation (Python, Go, Bash, or similar) and a bias toward building custom tooling over relying solely on off-the-shelf products.
  • Hands-on experience with Infrastructure as Code (Terraform or equivalent), containerized environments (Kubernetes), and CI/CD systems — and how to embed security directly into them.
  • Working knowledge across core security domains: access control, identity management, and least-privilege enforcement; logging, monitoring, auditing, and security observability; encryption, key management, and secrets handling; vulnerability scanning, policy-as-code, and continuous compliance; incident response and change management.
  • Ability to quickly assess system state, identify meaningful gaps, and deliver pragmatic, high-impact solutions in a fast-moving environment.
  • Comfort operating as a founding security engineer: thrive in ambiguity, own standards end-to-end, and focus on enabling velocity while raising the security bar.
  • Strong problem-solving skills with a builder mindset.

Compensation

  • Salary range: $170,000 - $220,000 per year. Plus equity and benefits.

Skills

AWSKubernetesTerraformPythonGoBashPolicy-As-CodeCI/CDSOC 2FedRAMP
Crusoe

Endpoint Security Engineer

CrusoeSan Francisco, CA +2

Security Engineer responsible for endpoint security architecture, MDM administration (Jamf, Intune), compliance enforcement, and automation across macOS, Windows, iOS, and Android devices. Requires 3-6 years MDM experience, OSQuery/CrowdStrike expertise, and a security-first mindset.

170k – 205k
On-site3+ YOESecurity Engineering
Suno

Software Engineer, Trust & Safety

SunoSan Francisco, CA

Suno is seeking a Software Engineer, Trust & Safety to protect its platform and users from abuse, fraud, and harmful content. This role involves building data pipelines, anomaly detection systems, and internal tools to ensure user safety and platform integrity.

170k – 240k
On-site3+ YOESecurity Engineering
Lumin Digital

Vulnerability Automation Engineer

Lumin DigitalUnited States

Designs and builds autonomous vulnerability automation pipelines using AI tools to discover assets, scan vulnerabilities, harden configurations, and auto-remediate in cloud-native environments. Requires 5+ years in security engineering, DevSecOps, IaC, and cloud security tools.

170k – 190k
Remote5+ YOESecurity Engineering
Clickhouse

Incident Response Security Engineer

ClickhouseUnited States

Handles security incidents, develops detection and response processes, maintains logging platforms, and automates risk mitigation for cloud services. Requires experience in incident response, threat modeling, cloud security, and programming in Golang/Python.

169k – 225k
RemoteSecurity Engineering
Liftoff

Security Engineer, Detection & Response

LiftoffUnited States

Security Engineer focused on operating the SIEM, building AI-augmented detection tooling, triaging alerts, and leading incident response for a high-scale mobile adtech platform.

172k – 240k
Remote5+ YOESecurity Engineering