Staff Security Engineer, Infrastructure

Designs and implements security controls for cloud infrastructure, Kubernetes workloads, GPU compute, networking, and AI data systems. Requires 8+ years in security engineering with expertise in cloud security, Zero Trust, IaC, and automation.

San Francisco, CA | Security Engineering | Onsite | 8+ YOE

About the role

What You’ll Do

Build & Harden Infrastructure Security

  • Design and implement security controls across:
    • Cloud infrastructure
    • Kubernetes and containerized workloads
    • Networking, service meshes, and edge systems
    • CI/CD pipelines and deployment systems
    • Secure compute environments for GPU workloads and model execution

Identity, Secrets & Access

  • Machine identity and workload authentication
  • Secrets management and encryption (e.g., Vault, KMS)
  • Least-privilege access and short-lived credentials
  • Implement Zero Trust principles across infrastructure

Secure AI & Data Systems

  • Protect model weights, inference endpoints, and customer data
  • Design secure data access pathways and isolation mechanisms
  • Ensure safe multi-tenant execution environments

Automation & Security Tooling

  • Build security guardrails directly into infrastructure and CI/CD
  • Use Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaults
  • Continuously identify and remediate security gaps through automation

Threat Modeling & Risk Reduction

  • Identify and mitigate risks across infrastructure layers
  • Defend against both external attackers and insider threats
  • Drive projects like network isolation, encryption, and secure service communication

Cross-Functional Collaboration

  • Partner with platform, infra, and ML teams to drive shift-left security
  • Enable engineers to move fast with secure-by-default systems
  • Contribute to a strong security culture across the company

What We’re Looking For

Core Requirements

  • 8+ years in security engineering, infrastructure, or SRE
  • Strong understanding of:
    • Cloud security (AWS, GCP, or Azure)
    • Networking fundamentals (segmentation, firewalls, Zero Trust)
    • Linux systems and container security (Docker, Kubernetes)
  • Experience building or securing production infrastructure at scale

Security Expertise

  • Deep knowledge of:
    • Authentication & authorization systems
    • Secrets management and cryptography basics
    • Common vulnerabilities and attack vectors
  • Ability to design security controls across multiple layers (infra → app)

Engineering Skills

  • Proficiency in at least one language (Go, Python, or similar)
  • Experience with Infrastructure-as-Code (Terraform preferred)
  • Strong automation mindset—security should scale with systems

Nice to Have

  • Experience with:
    • GPU infrastructure or ML systems
    • Multi-tenant platform isolation
    • Service mesh / zero-trust architectures
    • High-growth startup environments

Skills

Kubernetes, Docker, Terraform, AWS, GCP, Azure, Zero Trust, Vault, KMS, Go, Python, Linux, Service Mesh, CI/CD, Infrastructure as Code