# Software Engineer, Security Infrastructure

**Company:** [Siftstack](https://hotfix.jobs/companies/siftstack)
**Location:** Marina del Rey, CA, Los Angeles, CA, San Francisco, CA
**Role:** Security Engineering
**Salary:** $170k – $220k/yr
**Experience:** 4+ years
**Skills:** AWS, Kubernetes, Terraform, Python, Go, Bash, Policy-As-Code, CI/CD, SOC 2, FedRAMP
**Posted:** 2026-04-24

> Builds and automates security controls, tooling, and compliance for AWS, Kubernetes, and CI/CD in cloud-native environments. Requires 4+ years in security engineering with hands-on IaC, scripting, and frameworks like SOC 2/FedRAMP.

## Job Description

## Responsibilities

- Build and maintain tooling, scripts, services, and automation that assess, enforce, and monitor security and compliance controls across AWS cloud environments, Kubernetes clusters, and CI/CD pipelines.
- Develop lightweight internal solutions (e.g., policy-as-code, custom scanners, CI/CD integrations) that make security and compliance automatic, auditable, and invisible to the rest of engineering.
- Embed security guardrails directly into infrastructure-as-code (Terraform), container orchestration, and deployment workflows so that secure-by-default becomes the path of least resistance.
- Partner closely with the infrastructure and platform engineering teams to harden cloud-native systems, implement access controls, encryption, logging/monitoring, and vulnerability management at scale.
- Improve visibility into our overall security posture through automated reporting, dashboards, and real-time observability that highlight risks and control coverage.
- Translate compliance requirements (SOC 2, FedRAMP, and related frameworks) into pragmatic, enforceable technical implementations rather than manual checklists.
- Reduce toil by automating security workflows, compliance validation, and remediation so engineering can ship fast without compromising security.
- Support incident response and post-incident improvements by building better observability and tooling that accelerates detection and recovery.
- Conduct security reviews of new features, services, and infrastructure changes, providing clear guidance that helps teams design and implement secure solutions.

## Requirements

- 4–7+ years of hands-on experience in security engineering, platform/DevSecOps, or cloud infrastructure roles (founding or early-stage security builder experience strongly preferred).
- Proven track record shipping production-grade security automation in cloud-native environments (AWS strongly preferred).
- Deep familiarity with implementing technical controls for SOC 2, FedRAMP, or similar frameworks in real production systems.
- Strong proficiency in scripting and automation (**Python**, **Go**, **Bash**, or similar) and a bias toward building custom tooling over relying solely on off-the-shelf products.
- Hands-on experience with Infrastructure as Code (**Terraform** or equivalent), containerized environments (**Kubernetes**), and CI/CD systems — and how to embed security directly into them.
- Working knowledge across core security domains: access control, identity management, and least-privilege enforcement; logging, monitoring, auditing, and security observability; encryption, key management, and secrets handling; vulnerability scanning, policy-as-code, and continuous compliance; incident response and change management.
- Ability to quickly assess system state, identify meaningful gaps, and deliver pragmatic, high-impact solutions in a fast-moving environment.
- Comfort operating as a founding security engineer: thrive in ambiguity, own standards end-to-end, and focus on enabling velocity while raising the security bar.
- Strong problem-solving skills with a builder mindset.

## Compensation

- Salary range: $170,000 - $220,000 per year. Plus equity and benefits.

## Similar roles

- [Endpoint Security Engineer](https://hotfix.jobs/jobs/e9f904e5-b1d3-4a26-b61e-06c5e375ab90) - Crusoe - San Francisco, CA - $170k – $205k/yr
- [Software Engineer, Trust & Safety](https://hotfix.jobs/jobs/7d005694-1f26-43da-8d18-cb58960d2d1e) - Suno - San Francisco, CA - $170k – $240k/yr
- [Vulnerability Automation Engineer](https://hotfix.jobs/jobs/1a05493d-ddf1-4123-8eaa-22774b293d93) - Lumin Digital - Remote - $170k – $190k/yr
- [Incident Response Security Engineer](https://hotfix.jobs/jobs/d002a19f-a1ab-4434-977e-b1a71be0e1c8) - Clickhouse - Remote - $169k – $225k/yr
- [Security Engineer, Detection & Response](https://hotfix.jobs/jobs/28f93e48-86dd-4627-a850-c2fe4fa0a170) - Liftoff - Remote - $172k – $240k/yr

**Apply:** https://hotfix.jobs/jobs/10bace96-4568-4b74-8991-363cb538257c
**Canonical:** https://hotfix.jobs/jobs/10bace96-4568-4b74-8991-363cb538257c