Systems-focused Cloud Infrastructure Security Engineer responsible for securing Runpod's multitenant GPU bare-metal and virtualized environments. Requires 5+ years in infrastructure security, deep Linux kernel and virtualization expertise (KVM/QEMU), and low-level programming (C/Go/Rust) to prevent breakouts and harden against threats.
152k – 175k/yr
Remote5+ YOESecurity Engineering
About the role
Responsibilities
Design and implement robust workload and network isolation architectures for multitenant GPU bare-metal and virtualized environments.
Harden Linux kernel configurations, container runtimes (e.g., Docker, containerd), and orchestration layers (e.g., Kubernetes) against breakouts and privilege escalation.
Conduct deep-dive security assessments and penetration testing targeting hypervisor, network stack, and hardware interfaces.
Write code (primarily C, Go, or Rust) to implement custom security controls, telemetry, and fixes at the OS and infrastructure level.
Evaluate and mitigate security considerations specific to GPU architecture, PCIe pass-through, and shared memory spaces.
Serve as the technical escalation point for infrastructure-level security incidents, developing forensic capabilities for ephemeral container environments.
Required Qualifications
5+ years of experience in infrastructure or systems-level security engineering.
Extensive knowledge of Linux kernel internals (cgroups, namespaces, eBPF, SELinux/AppArmor).
Deep understanding of virtualization technologies (KVM, QEMU) and workload/network isolation techniques in multitenant environments.
Strong systems-level programming skills in C, Go, Rust, or Python.
Familiarity with GPU architecture and hardware-level security considerations.
Experience in securing bare-metal cloud infrastructure and mitigating lower-level CVEs.
Preferred Qualifications
Contributions to open-source systems security projects or virtualization research.
Experience writing or deploying eBPF-based security tooling.
Deep knowledge of low-level networking protocols and virtualized network security.
Compensation & Benefits
Competitive base pay ranges from $152,000 - $175,000 (may be inclusive of several career levels; narrowed during interview process based on experience, qualifications, and location).
Meaningful equity in a fast-growing company (stock options for everyone).
Generous medical, dental & vision plans.
Flexible PTO.
$1,200 Home Office & Equipment Stipend.
Most roles are remote-first with collaborative teams.
Skills
Linux KernelCgroupsNamespacesEbpfSelinuxApparmorDockerContainerdKubernetesKvmQemuCGoRustPython
Full Stack Security Engineer embedding with engineering teams to secure Runpod's AI cloud platform. Lead threat modeling, fix vulnerabilities by writing code in Python/Go/TS, implement DevSecOps pipelines, and champion security across web apps, APIs, and microservices.
152k – 175k/yr
Remote5+ YOESecurity Engineering
Manager, Product Security
ChimeSan Francisco, CA
Leads a team securing cloud infrastructure, sensitive data, and AI systems in products. Influences engineering roadmaps, embeds security in designs, and manages AI risks like prompt injection and data leakage. Requires 5+ years security engineering and 2+ years leading engineers.
152k – 210k/yr
Hybrid5+ YOESecurity Engineering
Threat Intelligence Researcher (Cloud)
WizNew York, NY
Track, analyze, and attribute advanced state-backed and financially motivated threat actors targeting cloud environments. Requires 5+ years in threat research with expertise in malware, infrastructure tracking, and large-scale telemetry analysis.
151k – 208k/yr
Remote5+ YOESecurity Engineering
Software Engineer, Identity
MercorSan Francisco, CA
Build and scale Mercor's novel identity and access management infrastructure across thousands of Slack workspaces and HR systems for a 100k+ expert network. Requires strong product engineering, large-scale distributed systems experience, and security-minded design instincts.
150k – 325k/yr
On-site5+ YOESecurity Engineering
IT Security Operations Engineer
AKASASan Francisco, CA
IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.