# Senior Staff Cybersecurity Engineer, Platform Security

**Company:** [Shield AI](https://hotfix.jobs/companies/shield-ai)
**Location:** San Diego, CA
**Role:** Security Engineering
**Salary:** $160k – $240k/yr
**Experience:** 7+ years
**Skills:** Kubernetes, Terraform, Opa, Go, Python, Rust, Azure, Entra Id, AWS, GCP, CI/CD, Infrastructure As Code, Policy As Code, DevSecOps
**Posted:** 2026-06-12

> Senior technical owner building secure-by-default infrastructure, IaC modules, policy-as-code guardrails, and CI/CD security tooling for cloud and platform engineering teams.

## Job Description

## What you'll do

- Build the secure defaults: Infrastructure-as-Code modules, CI/CD pipeline templates, internal libraries, and golden-path scaffolding that make the secure choice the easy choice.
- Engineer guardrails as code — policy-as-code (OPA/Conftest), admission controllers, cloud guardrails (SCPs / org policy), and pre-commit and CI checks — so the insecure path is blocked or flagged automatically.
- Own the platform security tooling that other teams consume, so they don't have to build their own; replace recurring manual work with durable, self-service mechanisms.
- Embed security into the software and infrastructure supply chain: pipeline security, build/artifact integrity, dependency and container scanning, and secrets management.
- Engineer workload and service identity controls (least privilege, short-lived credentials, federated trust) so zero-standing-privilege is real and observable.
- Write and maintain production-quality code and infrastructure that backs these controls.
- Partner with platform, infrastructure, and product engineering teams early — review high-blast-radius designs against the internal Security Engineering standard while the design can still change, and turn recurring findings into a missing paved road, not just another fix.
- Set technical direction and standards for secure-by-default; document them so they can be applied without us, and mentor and raise the bar for other engineers.

## Required qualifications

- Extensive experience in security engineering, platform/infrastructure engineering, DevSecOps, or a closely related field, with a track record of owning complex systems end-to-end.
- Strong software engineering ability — you write, review, and ship production-quality code (any modern language) and treat infrastructure as software.
- Hands-on experience building secure-by-default mechanisms: Infrastructure-as-Code, CI/CD pipeline security, and policy/guardrails as code.
- Deep working knowledge of at least one major cloud provider and its security and identity model.
- Demonstrated ability to design durable, automated solutions that reduce real risk without becoming a bottleneck — and to make explicit tradeoffs between security and the business.
- Strong communication: you can explain a security concept to a product engineer in their language and to a leader in business terms, and you write recommendations people can act on.

## Preferred qualifications

- Strong DevSecOps background with hands-on Kubernetes (admission control, OPA/Gatekeeper, workload identity) and Terraform (reusable secure modules, policy-as-code).
- Production coding experience in Go, Python, and/or Rust; comfortable with scripting/automation in Bash and PowerShell.
- Depth in Azure security and identity (Entra ID, Azure Policy, Management Group guardrails).
- Experience securing AI/ML systems, pipelines, or workloads.
- Offensive security / red team experience, with the ability to think like an attacker and translate those findings into stronger defaults and guardrails.
- Experience with supply-chain security (SLSA, sigstore/cosign, SBOMs), container/image hardening, and secrets management.
- Experience operating security tooling as an internal product consumed self-service by other engineering teams.
- Bachelor's degree or equivalent professional certification and experience.

## Similar roles

- [Staff Engineer](https://hotfix.jobs/jobs/a0888f8f-7a91-4eb2-ae6b-3cc549cacc82) - Twilio - Remote - $156k – $229k/yr
- [Staff GRC Engineer](https://hotfix.jobs/jobs/f6da6721-0570-4815-bd0b-c83a342c4241) - ezCater - Remote - $165k – $210k/yr
- [Staff Cloud Security Engineer](https://hotfix.jobs/jobs/6a451f05-66c1-47b9-92e0-766e35c909aa) - Huntress - Remote - $165k – $193k/yr
- [Sr. Staff System Security Engineer](https://hotfix.jobs/jobs/50fb66cc-9ede-4741-a21c-d4699d9986af) - Shield AI - Dallas, TX - $170k – $250k/yr
- [Staff IAM Engineer](https://hotfix.jobs/jobs/7a722d47-b173-4ffc-9981-f10ed9f3ce9c) - Ironclad - San Francisco, CA - $170k – $190k/yr

**Apply:** https://hotfix.jobs/jobs/31cc7390-ce3b-4bd2-b438-7d88f0d029a1
**Canonical:** https://hotfix.jobs/jobs/31cc7390-ce3b-4bd2-b438-7d88f0d029a1