Infrastructure Security Engineer

How you’ll make an impact

• Design and implement security controls for cloud, platform, and deployment systems, with a focus on secure defaults and durable risk reduction.
• Partner with platform, SRE, and infrastructure teams to review architecture and infrastructure changes, identify security risks, and drive practical remediation plans.
• Build and improve automation for infrastructure security, including controls for cloud IAM, Kubernetes and container environments, secrets handling, and infrastructure-as-code workflows.
• Identify and remediate systemic weaknesses such as misconfigurations, exposed services, weak trust boundaries, and insecure defaults in production environments.
• Support infrastructure vulnerability management by helping prioritize findings, validate fixes, and improve how issues are detected and prevented over time.
• Help assess and improve security controls for AI-assisted developer workflows and GenAI-enabled systems, including agentic tooling, coding assistants, and internal AI integrations that interact with production or sensitive environments.
• Respond to production security issues, investigate root causes using logs, dashboards, and system context, and contribute follow-up improvements that strengthen the platform.
• Contribute to team effectiveness by documenting patterns, participating in design and code reviews, and helping raise the security quality bar across engineering.

Minimum Qualifications

• Bachelor’s degree and 3+ years of experience in security engineering, infrastructure engineering, or a related software engineering role.
• Experience securing or operating cloud-native infrastructure in AWS or a similar cloud environment.
• Experience with one or more of the following domains: cloud IAM, Kubernetes/container security, network security, secrets management, or infrastructure vulnerability management.
• Experience writing code or automation in Python, Go, Java, or a similar programming language.
• Experience reviewing system designs, infrastructure changes, or architecture proposals and driving actionable security outcomes.
• Experience with infrastructure-as-code and CI/CD tooling such as Terraform, Helm, GitHub Actions, or similar technologies.
• Experience investigating and resolving moderately complex production or security issues using logs, metrics, and debugging tools.
• Experience using AI-assisted engineering tools responsibly, with an understanding of security considerations such as sensitive data exposure, unsafe automation, access boundaries, or insecure use of generated code and infrastructure changes.

Preferred Qualifications

• Experience building preventative guardrails or automated controls that are adopted by multiple engineering teams.
• Familiarity with production access control patterns for engineers and service identities.
• Experience with Kubernetes, service-to-service trust models, workload identity, or runtime security controls.
• Experience improving cloud posture management, hardening baselines, or drift detection programs.
• Familiarity with security considerations for AI-assisted engineering workflows, including code generation or code review tooling.
• Experience partnering with Risk, Compliance, or Audit teams in a regulated environment.
• Security certifications such as AWS Security Specialty, GCP Professional Cloud Security Engineer, CISSP, or equivalent practical expertise.