# Software Engineer, Security Infrastructure
**Company:** [Siftstack](https://hotfix.jobs/companies/siftstack)
**Location:** Marina del Rey, CA, Los Angeles, CA, San Francisco, CA
**Salary:** $170K-$220K
**Experience:** 4+ years
**Skills:** AWS, Kubernetes, Terraform, Python, Go, Bash, Policy-As-Code, CI/CD, SOC 2, FedRAMP
**Posted:** 2026-04-24
> Builds and automates security controls, tooling, and compliance for AWS, Kubernetes, and CI/CD in cloud-native environments. Requires 4+ years in security engineering with hands-on IaC, scripting, and frameworks like SOC 2/FedRAMP.
## Job Description
## Responsibilities

- Build and maintain tooling, scripts, services, and automation that assess, enforce, and monitor security and compliance controls across AWS cloud environments, Kubernetes clusters, and CI/CD pipelines.
- Develop lightweight internal solutions (e.g., policy-as-code, custom scanners, CI/CD integrations) that make security and compliance automatic, auditable, and invisible to the rest of engineering.
- Embed security guardrails directly into infrastructure-as-code (Terraform), container orchestration, and deployment workflows so that secure-by-default becomes the path of least resistance.
- Partner closely with the infrastructure and platform engineering teams to harden cloud-native systems, implement access controls, encryption, logging/monitoring, and vulnerability management at scale.
- Improve visibility into our overall security posture through automated reporting, dashboards, and real-time observability that highlight risks and control coverage.
- Translate compliance requirements (SOC 2, FedRAMP, and related frameworks) into pragmatic, enforceable technical implementations rather than manual checklists.
- Reduce toil by automating security workflows, compliance validation, and remediation so engineering can ship fast without compromising security.
- Support incident response and post-incident improvements by building better observability and tooling that accelerates detection and recovery.
- Conduct security reviews of new features, services, and infrastructure changes, providing clear guidance that helps teams design and implement secure solutions.

## Requirements

- 4–7+ years of hands-on experience in security engineering, platform/DevSecOps, or cloud infrastructure roles (founding or early-stage security builder experience strongly preferred).
- Proven track record shipping production-grade security automation in cloud-native environments (AWS strongly preferred).
- Deep familiarity with implementing technical controls for SOC 2, FedRAMP, or similar frameworks in real production systems.
- Strong proficiency in scripting and automation (**Python**, **Go**, **Bash**, or similar) and a bias toward building custom tooling over relying solely on off-the-shelf products.
- Hands-on experience with Infrastructure as Code (**Terraform** or equivalent), containerized environments (**Kubernetes**), and CI/CD systems — and how to embed security directly into them.
- Working knowledge across core security domains: access control, identity management, and least-privilege enforcement; logging, monitoring, auditing, and security observability; encryption, key management, and secrets handling; vulnerability scanning, policy-as-code, and continuous compliance; incident response and change management.
- Ability to quickly assess system state, identify meaningful gaps, and deliver pragmatic, high-impact solutions in a fast-moving environment.
- Comfort operating as a founding security engineer: thrive in ambiguity, own standards end-to-end, and focus on enabling velocity while raising the security bar.
- Strong problem-solving skills with a builder mindset.

## Compensation

- Salary range: $170,000 - $220,000 per year. Plus equity and benefits.
**Apply:** https://hotfix.jobs/jobs/software-engineer-security-infrastructure-at-siftstack-10bace96-4568-4b74-8991-363cb538257c
**Canonical:** https://hotfix.jobs/jobs/software-engineer-security-infrastructure-at-siftstack-10bace96-4568-4b74-8991-363cb538257c