Infrastructure Security Engineer

You will design, build, and implement security controls, automation, and processes across product, platform, and infrastructure environments. You will identify security gaps, propose solutions, and drive engineering initiatives to close them. You will integrate security into CI/CD pipelines and cloud-native deployments, build tooling to detect misconfigurations and enforce secure baselines, and assist in threat modeling and architectural reviews. You will contribute to internal security documentation and participate in incident response when engineering expertise or automation support is required.

Responsibilities

• Design, build, and implement security controls, automation, and processes across product platform and infrastructure environments
• Identify operational and technical security gaps and drive engineering initiatives to close them
• Integrate security into CI/CD pipelines deployment workflows and cloud-native architectures
• Build automated tooling and services to enforce secure configurations detect misconfigurations and support continuous compliance
• Assist in threat modeling design reviews and architectural assessments for new and existing systems
• Contribute to internal security documentation best practices and developer guidance
• Participate in security incident response providing engineering expertise and automation support

Requirements

• 4+ years of experience in security engineering platform security or DevSecOps roles
• Hands-on experience implementing security controls and automation within cloud environments (GCP or AWS preferred)
• Proficiency in scripting automation and infrastructure as code (Python Bash Go Terraform)
• Ability to collaborate with engineering teams and translate security requirements into practical scalable solutions
• Strong analytical and problem-solving skills with a bias toward automation
• Familiarity with Cloudflare (DDoS protection WAF) and OSS SIEM tools such as Splunk or Elastic
• Familiarity with incident management platforms (Incident.io PagerDuty)
• Familiarity with CI/CD systems (Github Actions Concourse CircleCI)
• Familiarity with maintaining HIDS systems (Wazuh preferred)
• Knowledge of security standards and governance frameworks (CIS NIST SOC2 ISO 27001 PCI DSS) (nice to have)
• Hands-on experience building and maintaining a SIEM comprised of open-source and hosted components (nice to have)
• Experience securing consumer-facing web iOS and Android applications (nice to have)
• Experience designing policies and administering Vault and other HashiCorp products (nice to have)
• Experience managing security vendors (nice to have)

Benefits

• Equity
• Work from Anywhere policy up to 20 days per year
• ClassPass
• Unlimited vacation
• Apple equipment