Skip to content
PointOne

Security Infrastructure Engineer

Hands-on engineer owning security, scalability, and cost optimization of AWS infrastructure. Hardens IAM, networking, secrets management; leads threat modeling, incident response, and architecture reviews for high-sensitivity legal systems. Requires 5+ years AWS production experience.

160k – 220kNew York, NYSecurity EngineeringOnsite5+ YOE
Apply

About the role

What You'll Own

Infrastructure Security

  • Design and enforce least-privilege IAM across services
  • Implement permission boundaries and SCP strategy
  • Reduce attack surface across networking and service exposure
  • Improve secrets management and KMS key segmentation
  • Lead threat modeling across core systems
  • Design blast-radius containment strategies

Detection & Response

  • Strengthen logging, monitoring, and anomaly detection
  • Ensure logs are immutable and auditable
  • Build and test incident response playbooks
  • Review new infrastructure designs for security risks

Scale & Cost

  • Optimize AWS architecture for reliability and efficiency
  • Improve Lambda/SQS concurrency and scaling patterns
  • Evaluate and improve RDS scaling strategy
  • Drive principled tradeoffs between isolation, performance, and cost

What We're Looking For

  • 5+ years operating AWS infrastructure in production
  • Deep IAM expertise (roles, policies, trust relationships, STS)
  • Strong AWS networking knowledge (VPC, PrivateLink, Security Groups)
  • Experience designing multi-account AWS environments
  • Hands-on experience responding to real security incidents
  • Strong understanding of cloud attack vectors and privilege escalation
  • Experience reducing cloud cost without compromising security
  • Comfortable working directly in CDK/Terraform and reviewing infrastructure code

Strong plus: Experience in legal, fintech, government, or other high-sensitivity environments.

Skills

AWSIAMVpcPrivatelinkSecurity GroupsCdkTerraformKmsAWS LambdaSQSRdsGuardduty

Similar roles

Security Engineering jobs
Lumin Digital

Security Platform Engineer

As a Security Platform Engineer, you will build and operate security-critical infrastructure, focusing on reliability and scale. This role involves developing AI-assisted engineering workflows, managing security telemetry, and implementing GitOps deployment patterns across hundreds of environments.

160k – 180kUnited StatesSecurity EngineeringRemote5+ YOEAWSPython
Snowflake

Software Engineer - Secret, Cryptographic and Identity Infrastructure

Build and scale core security infrastructure for secret management, identity, authentication, and end-to-end encryption across Snowflake's multi-cloud platform.

160k – 230kBellevue, WASecurity EngineeringOn-siteCGo
Snowflake

Software Engineer - Trust Center

Build and operate large-scale security, governance, and compliance platform features at Snowflake. Design extensible frameworks and high-availability services using Java, Python, and SQL.

160k – 230kBellevue, WASecurity EngineeringOn-site5+ YOESQLJava
Juicebox

Security Engineer

Builds foundational security systems for AI SaaS infrastructure, including secure execution for AI agents, AWS guardrails with Terraform, identity management, and observability. Requires strong application security, DevOps, and AWS experience with a focus on automation and developer-friendly tools.

160k – 250kSan Francisco, CASecurity EngineeringOn-siteAWSIAM
Blee

Security Engineer

Builds and owns end-to-end security program including SOC 2 compliance, cloud infrastructure hardening, and scalable security tooling for a fast-growing AI compliance startup. Requires 4+ years experience, hands-on cloud security, and hybrid presence in SF or NYC.

160k – 210kSan Francisco, CA +1Security EngineeringHybrid4+ YOEAWSGCP