Skip to content
FalFalSan Francisco, CA

Staff Security Engineer, Infrastructure

Designs and implements security controls for cloud infrastructure, Kubernetes workloads, GPU compute, networking, and AI data systems. Requires 8+ years in security engineering with expertise in cloud security, Zero Trust, IaC, and automation.

Salary not listed
On-site8+ YOESecurity Engineering

About the role

What You’ll Do

Build & Harden Infrastructure Security

  • Design and implement security controls across:
    • Cloud infrastructure
    • Kubernetes and containerized workloads
    • Networking, service meshes, and edge systems
    • CI/CD pipelines and deployment systems
    • Secure compute environments for GPU workloads and model execution

Identity, Secrets & Access

  • Machine identity and workload authentication
  • Secrets management and encryption (e.g., Vault, KMS)
  • Least-privilege access and short-lived credentials
  • Implement Zero Trust principles across infrastructure

Secure AI & Data Systems

  • Protect model weights, inference endpoints, and customer data
  • Design secure data access pathways and isolation mechanisms
  • Ensure safe multi-tenant execution environments

Automation & Security Tooling

  • Build security guardrails directly into infrastructure and CI/CD
  • Use Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaults
  • Continuously identify and remediate security gaps through automation

Threat Modeling & Risk Reduction

  • Identify and mitigate risks across infrastructure layers
  • Defend against both external attackers and insider threats
  • Drive projects like network isolation, encryption, and secure service communication

Cross-Functional Collaboration

  • Partner with platform, infra, and ML teams to drive shift-left security
  • Enable engineers to move fast with secure-by-default systems
  • Contribute to a strong security culture across the company

What We’re Looking For

Core Requirements

  • 8+ years in security engineering, infrastructure, or SRE
  • Strong understanding of:
    • Cloud security (AWS, GCP, or Azure)
    • Networking fundamentals (segmentation, firewalls, Zero Trust)
    • Linux systems and container security (Docker, Kubernetes)
  • Experience building or securing production infrastructure at scale

Security Expertise

  • Deep knowledge of:
    • Authentication & authorization systems
    • Secrets management and cryptography basics
    • Common vulnerabilities and attack vectors
    • Ability to design security controls across multiple layers (infra → app)

Engineering Skills

  • Proficiency in at least one language (Go, Python, or similar)
  • Experience with Infrastructure-as-Code (Terraform preferred)
  • Strong automation mindset—security should scale with systems

Nice to Have

  • Experience with:
    • GPU infrastructure or ML systems
    • Multi-tenant platform isolation
    • Service mesh / zero-trust architectures
    • High-growth startup environments

Skills

KubernetesDockerTerraformAWSGCPAzureZero TrustVaultKmsGoPythonLinuxService MeshCI/CDInfrastructure As Code
Zocdoc

Senior Staff Security Engineer, Vulnerability Management

ZocdocUnited States

Senior Staff Security Engineer owning the roadmap for an AI-driven vulnerability scanning, triage, and automated remediation platform. Requires 8+ years in security engineering with deep cloud/container expertise, offensive security experience, and proficiency in Python/Go/Rust.

200k – 290k/yr
Remote8+ YOESecurity Engineering
Plaid

Staff Software Engineer

PlaidNew York, NY +2

Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.

222k – 328k/yr
Hybrid7+ YOESecurity Engineering
Anthropic

Staff+ Application Security Engineer

AnthropicSan Francisco, CA +2

Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.

320k – 485k/yr
Hybrid7+ YOESecurity Engineering
Confluent

Staff Security Risk & Compliance Program Manager

ConfluentTexas

Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.

222k – 261k/yr
Remote8+ YOESecurity Engineering
Abridge

Senior/Staff Infrastructure Security Engineer

AbridgeSan Francisco, CA +1

Senior/Staff Infrastructure Security Engineer building self-service security platforms, automating DevSecOps workflows, and designing high-scale security data pipelines and IaC guardrails in a greenfield cloud-native environment at an AI healthcare company. Requires 8+ years software engineering experience with deep cloud and IaC expertise.

214k – 252k/yr
Remote8+ YOESecurity Engineering