# Staff Security Engineer, Infrastructure
**Company:** [Fal](https://hotfix.jobs/companies/fal)
**Location:** San Francisco, CA
**Experience:** 8+ years
**Skills:** Kubernetes, Docker, Terraform, AWS, GCP, Azure, Zero Trust, Vault, KMS, Go, Python, Linux, Service Mesh, CI/CD, Infrastructure as Code
**Posted:** 2026-04-06
> Designs and implements security controls for cloud infrastructure, Kubernetes workloads, GPU compute, networking, and AI data systems. Requires 8+ years in security engineering with expertise in cloud security, Zero Trust, IaC, and automation.
## Job Description
## What You’ll Do

### Build & Harden Infrastructure Security
- Design and implement security controls across:
  - Cloud infrastructure
  - Kubernetes and containerized workloads
  - Networking, service meshes, and edge systems
  - CI/CD pipelines and deployment systems
  - Secure compute environments for GPU workloads and model execution

### Identity, Secrets & Access
- Machine identity and workload authentication
- Secrets management and encryption (e.g., Vault, KMS)
- Least-privilege access and short-lived credentials
- Implement Zero Trust principles across infrastructure

### Secure AI & Data Systems
- Protect model weights, inference endpoints, and customer data
- Design secure data access pathways and isolation mechanisms
- Ensure safe multi-tenant execution environments

### Automation & Security Tooling
- Build security guardrails directly into infrastructure and CI/CD
- Use Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaults
- Continuously identify and remediate security gaps through automation

### Threat Modeling & Risk Reduction
- Identify and mitigate risks across infrastructure layers
- Defend against both external attackers and insider threats
- Drive projects like network isolation, encryption, and secure service communication

### Cross-Functional Collaboration
- Partner with platform, infra, and ML teams to drive shift-left security
- Enable engineers to move fast with secure-by-default systems
- Contribute to a strong security culture across the company

## What We’re Looking For

### Core Requirements
- 8+ years in security engineering, infrastructure, or SRE
- Strong understanding of:
  - Cloud security (AWS, GCP, or Azure)
  - Networking fundamentals (segmentation, firewalls, **Zero Trust**)
  - Linux systems and container security (**Docker**, **Kubernetes**)
- Experience building or securing production infrastructure at scale

### Security Expertise
- Deep knowledge of:
  - Authentication & authorization systems
  - Secrets management and cryptography basics
  - Common vulnerabilities and attack vectors
- Ability to design security controls across multiple layers (infra → app)

### Engineering Skills
- Proficiency in at least one language (**Go**, **Python**, or similar)
- Experience with Infrastructure-as-Code (**Terraform** preferred)
- Strong automation mindset—security should scale with systems

### Nice to Have
- Experience with:
  - GPU infrastructure or ML systems
  - Multi-tenant platform isolation
  - Service mesh / zero-trust architectures
  - High-growth startup environments
**Apply:** https://hotfix.jobs/jobs/staff-security-engineer-infrastructure-at-fal-9b82a70e-21a2-4169-af05-f683a4bf6196
**Canonical:** https://hotfix.jobs/jobs/staff-security-engineer-infrastructure-at-fal-9b82a70e-21a2-4169-af05-f683a4bf6196