# Security Infrastructure Engineer
**Company:** [PointOne](https://hotfix.jobs/companies/pointone)
**Location:** New York, NY
**Salary:** $160K-$220K
**Experience:** 5+ years
**Skills:** AWS, IAM, VPC, PrivateLink, Security Groups, CDK, Terraform, KMS, AWS Lambda, SQS, RDS, GuardDuty
**Posted:** 2026-03-02
> Hands-on engineer owning security, scalability, and cost optimization of AWS infrastructure. Hardens IAM, networking, secrets management; leads threat modeling, incident response, and architecture reviews for high-sensitivity legal systems. Requires 5+ years AWS production experience.
## Job Description
## What You'll Own

### Infrastructure Security
- Design and enforce least-privilege IAM across services
- Implement permission boundaries and SCP strategy
- Reduce attack surface across networking and service exposure
- Improve secrets management and KMS key segmentation
- Lead threat modeling across core systems
- Design blast-radius containment strategies

### Detection & Response
- Strengthen logging, monitoring, and anomaly detection
- Ensure logs are immutable and auditable
- Build and test incident response playbooks
- Review new infrastructure designs for security risks

### Scale & Cost
- Optimize AWS architecture for reliability and efficiency
- Improve Lambda/SQS concurrency and scaling patterns
- Evaluate and improve RDS scaling strategy
- Drive principled tradeoffs between isolation, performance, and cost

## What We're Looking For
- 5+ years operating AWS infrastructure in production
- Deep IAM expertise (roles, policies, trust relationships, STS)
- Strong AWS networking knowledge (VPC, PrivateLink, Security Groups)
- Experience designing multi-account AWS environments
- Hands-on experience responding to real security incidents
- Strong understanding of cloud attack vectors and privilege escalation
- Experience reducing cloud cost without compromising security
- Comfortable working directly in CDK/Terraform and reviewing infrastructure code

**Strong plus:** Experience in legal, fintech, government, or other high-sensitivity environments.
**Apply:** https://hotfix.jobs/jobs/security-infrastructure-engineer-at-pointone-1fb7499e-0f95-40d3-bc9b-28f07610453e
**Canonical:** https://hotfix.jobs/jobs/security-infrastructure-engineer-at-pointone-1fb7499e-0f95-40d3-bc9b-28f07610453e