CrawlJobs Logo
Crusoe Logo Crusoe · IT - Software Development

Staff Infrastructure Security Engineer

United States, San Francisco · Job Posted January 19, 2026
Apply Position
Job Link Share

Job Description

Crusoe's mission is to accelerate the abundance of energy and intelligence. We’re crafting the engine that powers a world where people can create ambitiously with AI — without sacrificing scale, speed, or sustainability. Be a part of the AI revolution with sustainable technology at Crusoe. Here, you'll drive meaningful innovation, make a tangible impact, and join a team that’s setting the pace for responsible, transformative cloud infrastructure. We are seeking a highly skilled Staff Infrastructure Security Engineer to architect, deploy, and operationalize the foundational security services that will underpin our shift to a Zero Trust model. In this strategic role, you will define and establish the "roots of trust" for our organization, serving as a technical leader in Secrets Management and Identity architecture. While your immediate focus is to serve as the Subject Matter Expert (SME) driving our enterprise HashiCorp Vault platform from Proof-of-Concept (PoC) to global production readiness, your long-term scope is far broader. You will be responsible for evolving our credentials management strategy, onboarding engineering teams to secure self-service workflows, and designing scalable trust patterns across our hybrid multi-cloud environment.

Job Responsibility

  • Strategic Architecture & Governance: Architect a highly available, disaster-resilient, and scalable multi-cluster secrets management platform that serves as the foundation for the organization’s Zero Trust strategy
  • Technical Leadership: Drive consensus across Cloud Engineering, DevOps, and SRE teams to define standardized secret management workflows and integrate security patterns into the SDLC
  • Compliance & Governance: Ensure the platform design meets rigorous internal policies and external compliance frameworks (e.g., SOX, ISO 27001)
  • Policy as Code: Design and implement advanced governance controls, including Sentinel Policy as Code, to automate security guardrails and access decisions
  • Platform Engineering & Implementation: Infrastructure as Code (IaC): Lead the engineering of the Vault infrastructure using Terraform, ensuring all deployments are reproducible, version-controlled, and automated
  • Identity Integration: Architect the integration between the secrets platform, Identity Providers (Okta), and workload identities (Kubernetes Service Accounts) to establish robust machine-to-machine authentication
  • Advanced Secrets Capabilities: Configure and tune essential secrets engines (KV, Transit, KMIP) and Enterprise features (Performance Replication, Seal automation) to support diverse engineering use cases
  • Operational Excellence & Developer Enablement: Vault as a Service (VaaS): Operationalize the platform by building self-service mechanisms, distinct "paved road" onboarding procedures, and documentation that allows engineering teams to easily consume security services
  • Observability: Implement comprehensive monitoring, alerting, and audit logging to ensure platform health, provide visibility into usage patterns, and satisfy audit requirements
  • Lifecycle Management: Own the full operational lifecycle of the production environment, including patching, version upgrades, backup/restore procedures, and incident response runbooks

Requirements

  • 6+ years (or equivalent) hands-on experience in cloud security, DevOps, or infrastructure engineering
  • Deep expertise and proven track record deploying and managing HashiCorp Vault in an enterprise environment (experience with the Enterprise edition is highly preferred)
  • Expert-level knowledge of Secrets Management, X.509 PKI (Public Key Infrastructure), Certificate Authority Operations, and Cryptography concepts
  • Strong experience with Google Cloud Platform (GCP) and cloud native identity and access management (IAM)
  • Proficiency with Infrastructure as Code (IaC) tools, especially Terraform, for automating the deployment and configuration of Vault and its dependent infrastructure
  • Fluent in at least one programming language (ideally Go or Python)
  • Demonstrable experience with Kubernetes and container security principles, especially integrating secrets into microservices architectures
  • Strong understanding of network security concepts (IP addressing, IP routing, firewalls, segmentation, Zero Trust)

What we offer

  • Industry competitive pay
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Tuition reimbursement
  • Subscription to the Calm app
  • MetLife Legal
  • Company paid commuter benefit
  • $300 per month
Crusoe - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Staff Infrastructure Security Engineer

8 matching positions

Staff Infrastructure Security Engineer

Crusoe’s mission is to accelerate the abundance of energy and intelligence. We’r...
Location
Location
United States , San Francisco
Salary
Salary:
210000.00 - 265000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in infrastructure engineering, SRE, or security engineering
  • Deep understanding of security principles across the stack, from Linux and container runtimes to cloud control planes
  • Proven experience using Infrastructure-as-Code (Terraform) to manage complex, multi-environment infrastructure at scale
  • Strong knowledge of cryptography, secrets management, PKI, and modern authentication standards
  • Experience securing public cloud (AWS, GCP) and/or bare-metal environments
  • Strong networking fundamentals, including routing, segmentation, firewalls, and Zero Trust architectures
  • Hands-on experience with Kubernetes and container security, including secure secrets injection into microservices
  • Fluency in at least one programming language (Go or Python preferred) for automation and tooling
Job Responsibility
Job Responsibility
  • Architecting security controls across compute, networking, and storage layers of a global cloud platform
  • Championing Infrastructure-as-Code (IaC) standards (e.g., Terraform) to enforce secure defaults, immutability, and drift detection
  • Building automated security guardrails embedded directly into CI/CD and deployment pipelines
  • Collaborating on a centralized Vault-as-a-Platform service to manage secrets, encryption keys, and internal PKI
  • Designing and operating certificate lifecycles (X.509, SSH) to support secure machine-to-machine trust
  • Driving adoption of short-lived, Just-In-Time (JIT) access models to reduce standing privileges and improve auditability
  • Securing core network foundations, including global DNS architecture, service discovery, and network authentication systems
  • Designing and maintaining authentication controls for network infrastructure to ensure secure, monitored access
  • Partnering closely with infrastructure, platform, and SRE teams to identify and remediate security gaps in foundational systems
What we offer
What we offer
  • Bonus
  • Restricted Stock Units
  • Fulltime
Read More
Arrow Right

Staff Infrastructure Security Engineer

We’re seeking a Staff Infrastructure Security Engineer to architect and operatio...
Location
Location
United States , San Francisco; Bellevue; Sunnyvale; Denver
Salary
Salary:
210000.00 - 265000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in cloud security, DevOps, or infrastructure engineering
  • Deep, production-grade experience deploying and operating HashiCorp Vault in enterprise environments (Enterprise edition strongly preferred)
  • Expert knowledge of secrets management, cryptography, PKI/X.509 certificate authorities, and trust systems
  • Strong experience with Google Cloud Platform (GCP) and cloud-native IAM models
  • Proven expertise using Infrastructure-as-Code tools (Terraform) to automate security platforms
  • Hands-on experience with Kubernetes and securely integrating secrets into microservices architectures
  • Fluency in at least one programming language (Go or Python preferred) for automation and tooling
  • Strong understanding of network security fundamentals, including segmentation, firewalls, routing, and Zero Trust concepts
Job Responsibility
Job Responsibility
  • Architecting a highly available, disaster-resilient, multi-cluster secrets management platform as the foundation of our Zero Trust strategy
  • Driving Vault from PoC to enterprise-grade production, establishing standards, reliability, and scalability
  • Leading cross-functional alignment with Cloud Engineering, DevOps, and SRE teams on secure secret management workflows embedded into the SDLC
  • Designing and enforcing governance controls to meet internal policies and external compliance requirements (e.g., SOX, ISO 27001)
  • Implementing Policy as Code using Sentinel to automate guardrails and access decisions
  • Engineering Vault infrastructure using Terraform with fully automated, reproducible, and version-controlled deployments
  • Architecting integrations between Vault, identity providers (e.g., Okta), and workload identities (e.g., Kubernetes Service Accounts)
  • Configuring and tuning core Vault secrets engines (KV, Transit, KMIP) and Enterprise features such as performance replication and automated sealing
  • Operationalizing “Vault as a Service” through paved-road onboarding, self-service workflows, and clear developer documentation
  • Building observability across the platform, including monitoring, alerting, audit logging, and usage insights
What we offer
What we offer
  • Industry competitive pay
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Fulltime
Read More
Arrow Right

Staff Infrastructure Security Engineer

We're building security systems for medical technology that handles sensitive da...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
heidihealth.com Logo
Heidi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Comfortable owning ambiguous problems end-to-end, from threat modelling to design to implementation to rollout
  • Strong domain understanding of cloud, identity, and networking fundamentals and how they fail in practice
  • Able to build durable systems: automated controls, paved paths, and reliable feedback loops
  • Works independently with stakeholders, aligns on trade-offs, and drives decisions without needing constant direction
  • Raises the bar for engineering teams by teaching patterns, writing clear docs, and improving defaults
Job Responsibility
Job Responsibility
  • Design and implement identity, network, and platform controls that reduce risk while keeping delivery fast
  • Build scalable security guardrails for infrastructure changes through infrastructure-as-code and delivery pipelines (policy checks, safe defaults, automated verification)
  • Improve service-to-service security patterns (workload identity, service authentication, secrets usage) in partnership with platform and application teams
  • Strengthen data and storage controls (encryption, key management, backup and recovery security, database hardening)
  • Reduce infrastructure attack vectors through hardening, configuration baselines, and continuous posture assessment
  • Improve supply chain integrity for infrastructure artefacts (build provenance, dependency and image integrity, SBOMs)
  • Contribute to the wider security program by turning requirements into platform capabilities and paved paths that teams can adopt with minimal friction
What we offer
What we offer
  • Flexible hybrid working environment, with 3 days in the office
  • A generous personal development budget of $500 per annum
  • Learn from some of the best engineers and creatives, joining a diverse team
  • Become an owner, with shares (equity) in the company, if Heidi wins, we all win
  • The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups
  • If you have an impact quickly, the opportunity to fast track your startup career
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • virtual-first work with several Bloomreach Hubs
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • $1,500 professional education budget annually
  • Employee Assistance Program with counselors
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Slovakia , Bratislava; Brno; Prague
Salary
Salary:
5000.00 EUR / Month
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • Owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • and mentoring junior staff
What we offer
What we offer
  • Restricted stock units
  • company performance bonus
  • great deal of freedom and trust
  • flexible working hours
  • work virtual-first
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • Fulltime
Read More
Arrow Right

Staff+ Software Engineer, Security Infrastructure

The Verkada Security Team is a software engineering team at its core- we build t...
Location
Location
United States , San Mateo
Salary
Salary:
200000.00 - 300000.00 USD / Year
verkada.com Logo
Verkada
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor of Science in Computer Science degree or equivalent
  • 7+ years of experience as a software engineer that has worked on security problems
  • interest in security weaknesses, attacks, and mitigations
  • experience leveraging AI as you build
  • excellent collaborative skills
  • outstanding written and verbal communication
  • must be willing and able to work onsite five days per week
Job Responsibility
Job Responsibility
  • Scale Verkada’s security in the SDLC through automation, libraries, tools and frameworks
  • write code in a variety of technology stacks and collaborate with engineering teams
  • lead initiatives to eliminate classes of vulnerabilities from Verkada
  • build tools to make it easy for Verkada’s software engineers to do the right thing for security
  • leverage AI to automate Verkada’s security engineering practices
  • collaborate with other engineering leaders to define, communicate, and execute on security goals, priorities and process
  • collaborate with the CISO and security team to grow the broader Verkada security and privacy programs
  • share your security experience with other teams internally and externally via security conferences, presentations, blogs and open source
What we offer
What we offer
  • Healthcare programs - Premiums are 100% covered for the employee under at least one plan and 80% for family premiums under all plans
  • Nationwide medical, vision and dental coverage
  • Health Saving Account (HSA) with annual employer contributions and Flexible Spending Account (FSA) with tax saving options
  • Expanded mental health support
  • Paid parental leave policy & fertility benefits
  • Time off through our paid holidays, firmwide extended holidays, flexible PTO and personal sick time
  • Professional development stipend
  • Fertility Stipend
  • Wellness/fitness benefits
  • Healthy lunches provided daily
  • Fulltime
Read More
Arrow Right

Staff Software Engineer - Security Infrastructure

We enable Plaid to quickly build safe and secure products while ensuring that Pl...
Location
Location
United States
Salary
Salary:
172368.00 - 370800.00 USD / Year
plaid.com Logo
Plaid
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong Software Engineering skills: 8+ years of experience building distributed systems, backend services, or infrastructure
  • You are "security-curious": understand the fundamentals of security (encryption, auth protocols like OIDC/OAuth, network security)
  • You think at a system-level: can visualize complex dependencies and design solutions that work across dozens of microservices
  • You are a Partner: can communicate complex security requirements to product managers and engineers with empathy and clarity
Job Responsibility
Job Responsibility
  • Design & Code: Write high-quality, scalable code to enhance product security or support security functions
  • Architect: Lead the technical design of complex, cross-functional security systems
  • Consult & Embed: Act as a security subject matter expert for other engineering teams
  • Operate: Own your systems in production
  • Innovate: Contribute to the broader security industry
  • Fulltime
Read More
Arrow Right

Staff Enterprise Security Engineer, AI Security

As a Staff Enterprise Security Engineer, you will be a technical leader within t...
Location
Location
Ireland
Salary
Salary:
Not provided
stytch.com Logo
Stytch
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in security engineering or infrastructure security
  • 2+ years of experience leading teams in a technical capacity or leading technical risk analysis in an enterprise environment
  • Expertise in cloud security (AWS, GCP) and container security (Kubernetes)
  • Proven track record of designing and deploying complex security systems at scale
  • Strong proficiency in programming languages such as Python, Go, or Java
Job Responsibility
Job Responsibility
  • Design and implement secure reference architectures for Enterprise AI platforms that secures every Twilion’s engagement with them, ensuring data integrity, regulatory compliance, and resilience against evolving AI threats
  • Establish a definitive framework for AI vetting, driving the cultural and policy shifts needed to institutionalize this strategic mindset across the organization
  • Collaborate with cross functional partners to develop and set the long term roadmap for agentic AI identity and posture management, ensuring cohesive strategies for reducing risk from agentic AI use
  • Maintain and improve our enterprise security posture through high-quality code (Python, Go, or similar) and automated infrastructure management via IAC
  • Act as a technical mentor to junior engineers and a strategic advisor to leadership on the evolving AI landscape
What we offer
What we offer
  • Competitive pay
  • Generous time off
  • Ample parental and wellness leave
  • Healthcare
  • Retirement savings program
  • Fulltime
Read More
Arrow Right