About the Client
Our client is a neocloud building purpose-built GPU infrastructure for AI workloads. We operate large-scale clusters powering training and inference for some of the most demanding AI customers in the market, and we’re rapidly expanding. Our infrastructure runs on NVIDIA and AMD accelerators, InfiniBand and high-speed Ethernet fabrics, and a production stack spanning bare-metal provisioning, Kubernetes, and OpenStack.
We’re small, senior, and moving fast. The people who do well here own problems end-to-end and make decisions with incomplete information.
The role
Security is a core part of who we are and how we operate. We’re hiring a Senior Production Security Engineer to help strengthen and scale our security capabilities.
This is not a compliance-focused role, and it is not purely advisory. We are looking for a hands-on senior engineer who can identify high-risk gaps and opportunities, partner with engineering and leadership teams to design effective solutions, and implement those solutions through code, automation, and tooling. In addition to security-focused initiatives, this person will contribute meaningfully to broader infrastructure, platform, and production engineering efforts. Beyond the technical responsibilities, this role plays a key part in fostering a security-first engineering culture. You will advocate for best practices, educate teams, and help raise the security bar across the organization. This is an opportunity to shape the future of our security function and become a foundational leader as it continues to grow.
What this role is, and is not
This role is:
A senior engineer who drives the core of a security focus.
A self-directed practitioner who identifies security weaknesses, opportunities to level up, prioritizes them, and builds a credible roadmap.
A cross-functional partner who works with infrastructure, platform, cloud, and leadership to recommend action and architect solutions.
A builder who implements solutions in software, tooling, and infrastructure, not just slides and policies.
A reviewer and advisor who partners with developers and teams on proposed projects from a security perspective.
A versatile contributor who still gets meaningful work done in other engineering domains.
This role is not:
A regulatory or legal compliance role. Compliance evidence will be a byproduct of good engineering, not the job itself.
An audit-and-recommend-only role. We need someone who builds what they recommend.
What you’ll work on
The scope below outlines where this role will harden, automate, and validate Client’s security posture across our infrastructure, platform and customer facing surfaces. We expect the person in this role to refine priorities based on what they learn in their first weeks.
Internal tools, services, and applications that harden our security posture
Proper network segmentation best practices across tenants, management, and customer planes.
SSH and system access management architecture
Multi-tier secret storage for both internal users and customers.
User account management and lifecycle policy for core systems (joiners, movers, leavers done right).
Secret rotation pathways for core internal systems, automated, auditable, and not reliant on tribal memory.
x509 certificate issuing architecture, an internal PKI we can actually operate and rotate.
Security-focused monitoring, alerting, and auditing
Multi-redundancy Vault admin logging.
GCP access and action logging with real retention and alerting.
Automatic alerting and reporting from log aggregation pipelines.
Network traffic analysis and reporting, feeding off our existing fabric telemetry.
Security-focused dashboards that are actually used, not just built.
Customer-facing secret and identity management
As our cloud offering matures, this role helps define the customer-side story:
KMS architecture and options.
Encryption strategy, at rest, in transit, and tenant-scoped.
Security re
