C
Posted 13 hours ago
Principal Infrastructure Security Engineer
CrusoePrincipal Infrastructure Security Engineer
Perks & benefits
Education AllowanceHealth InsurancePaid Leave
Requirements
12+ years infrastructure security experience, Cloud provider or HPC background, Identity framework expertise (SPIFFE/SPIRE), Linux kernel and hypervisor knowledge, Bare-metal and BMC security experience, Coding fluency in Go, Python, Rust, or C/C++, Degree in CS, CE, or Cybersecurity
Skills
Zero TrusteBPF
About the role
Responsibilities
- Lead the architectural transition to a zero-trust network using Workload Identity (SPIFFE/SPIRE) and mTLS
- Architect and deploy Just-in-Time (JIT) access models and ephemeral credentials to eliminate static keys
- Enforce security controls across the supply chain, from firmware and BMC hardening to CI/CD build environments
- Drive technical delivery of enterprise trust features like Customer-Managed Encryption Keys (CMEK) and Secrets-as-a-Service
- Deploy host-level controls using eBPF and Falco for kernel lockdown and real-time threat detection
- Guide security architecture for SDN 2.0, VPC peering, and private connectivity to ensure tenant isolation
- Act as a technical advisor to leadership, translating systemic risks into engineering action plans
Requirements
- 12+ years of experience in infrastructure security, security architecture, or production engineering
- Significant tenure at a major cloud provider (AWS, GCP, Azure) or high-performance computing environment
- Deep expertise with identity frameworks (SPIFFE/SPIRE, OIDC, OAuth 2.0) and mTLS at scale
- Strong experience securing CI/CD pipelines and software/hardware supply chains
- Authoritative knowledge of Linux kernel internals, hypervisor isolation, and runtime integrity (eBPF, Falco)
- Experience securing bare-metal infrastructure, including BMC hardening, TPMs, and Secure Boot
- Proficiency in Go, Python, Rust, or C/C++ for security automation
- Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cybersecurity, or related field
Preferred Qualifications
- Experience securing massive-scale GPU clusters or LLM training pipelines
- Maintainer status or major contributions to CNCF security tools (SPIFFE/SPIRE, Falco, OPA) or the Linux Kernel
- Experience mitigating endpoint and SaaS risks (Okta, Google Workspace)
Benefits
- Competitive compensation and equity packages (RSUs)
- Comprehensive health, dental, and vision insurance
- 401(k) with up to 4% company match
- Paid parental leave and volunteer time off
- Professional development and tuition reimbursement
- Daily meals allowance and commuter benefits
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freePrincipal Infrastructure Security Engineer
Crusoe · San Francisco
