Skip to content
Thinking Machines LabThinking Machines LabSan Francisco, CA

Infrastructure Engineer, Security

Owns and evolves security infrastructure across compute, storage, networking, and data platforms for foundation models. Architects secure patterns, manages identities/secrets, builds threat models, and automates security checks in Kubernetes/cloud environments. Requires strong systems programming and infra experience.

200k – 475k/yr
On-siteSecurity Engineering

About the role

What You’ll Do

  • Architect security patterns for platforms and services, including network segmentation, service-to-service authentication, RBAC, and policy enforcement in Kubernetes and cloud environments.
  • Manage identity, access, and secrets for humans and services: workload and cross-cloud identity, least-privilege IAM, and secrets management.
  • Build secure platforms for data ingestion, processing, and curation: classification, encryption, access controls, and safe sharing patterns across teams.
  • Write threat models and review designs with researchers and engineers to help them ship features and experiments in a safe, scalable way.
  • Automate security checks and build guardrails: policy-as-code, secure infrastructure baselines, validation in CI/CD, and tools that make the secure path the easiest one.

Skills and Qualifications

Minimum qualifications

  • Bachelor’s degree or equivalent experience in engineering, or similar.
  • Strong background with containers and orchestration (Kubernetes) and how to secure them (namespaces, network policies, pod security, admission controls, etc.)
  • Practical experience with Infrastructure as Code (Terraform or similar), including secure patterns for provisioning networks, IAM, and shared services.
  • Solid understanding of cloud networking and security: VPCs, load balancers, service discovery, mTLS, firewalls, and zero-trust-style architectures.
  • Proficiency with a systems language such as Rust and scripting in Python for building platform components and internal tools.
  • Evidence of owning complex, production-critical systems, including debugging issues that span infra, security, and application layers.

Preferred qualifications

  • Experience with ML infrastructure, GPU clusters, or large-scale training environments (schedulers, job queues, shared storage, multi-tenant clusters).
  • Background in AI labs, HPC environments, or ML-heavy organizations where both security and performance are first-class concerns.
  • Experience profiling and tuning high-throughput systems, and an ability to reason about the cost of additional security layers.
  • Talks, blogs, or publications on infrastructure security, distributed systems, or performance engineering.
  • Open-source contributions to security, orchestration, observability, or infrastructure tooling.
  • Familiarity with securing specialized hardware (GPUs, TPUs) and their integrations into training and inference pipelines.

Logistics

Compensation: Depending on background, skills and experience, the expected annual salary range for this position is $200,000 - $475,000 USD.

Benefits: Generous health, dental, and vision benefits, unlimited PTO, paid parental leave, and relocation support as needed.

Skills

KubernetesTerraformRustPythonIAMVpcsMtlsRBACCI/CDGpu Clusters
Nooks

Security Engineer

NooksSan Francisco, CA

Second Security Engineer at Nooks.ai, securing an AI-native sales platform and its AI agents. Own threat modeling, secure SDLC, cloud hardening, compliance (SOC 2), and novel AI security challenges (guardrails, prompt injection). Requires 4-5+ years in infosec with strong app/cloud security fundamentals; startup experience preferred.

200k – 315k/yr
Hybrid5+ YOESecurity Engineering
Decagon

Platform Engineer, Security

DecagonSan Francisco, CA

Lead application security strategy and implementation for Decagon's conversational AI platform. Partner with engineering teams to build security into AI-powered applications and establish testing programs.

200k – 330k/yr
On-site3+ YOESecurity Engineering
Writer

Security engineer, detection and response (US)

WriterSan Francisco, CA

Builds and implements detection systems and automated responses for AI-specific threats like prompt injection and model extraction on distributed GPU infrastructure. Leads incident response, proactive threat hunting, and cross-team security coordination with 3-5+ years in security operations.

200k – 240k/yr
Hybrid3+ YOESecurity Engineering
Notion

Software Engineer, Trust

NotionSan Francisco, CA +1

Builds authentication, security features, and AI-powered risk detection systems to ensure user trust and safety at scale. Requires 5-8 years experience in trust/safety/security with cross-functional collaboration.

200k – 280k/yr
Hybrid5+ YOESecurity Engineering
Decagon

Security Engineer

DecagonSan Francisco, CA

Build and scale security foundations for Decagon's AI customer experience platform, implementing controls, tooling, detection pipelines, and partnering with engineering teams. Requires 3+ years security engineering with strong coding skills and cloud experience, ideally Google Cloud; onsite in San Francisco.

200k – 330k/yr
On-site3+ YOESecurity Engineering