Principal Infrastructure Security Engineer
Are you ready to secure the future of AI at hyperscale? Crusoe is accelerating the abundance of energy and intelligence, pioneering the world's first vertically integrated AI infrastructure company. We control every layer, from electrons to tokens, to power the most demanding AI workloads. Join us and build the future, faster, in the midst of the greatest industrial revolution of our time.
The insatiable demand for AI compute faces a power bottleneck – and we're solving it with an energy-first approach that delivers superior, more sustainable AI infrastructure. We're seeking visionary problem-solvers who thrive on uncharted paths, driven by a sense of urgency and a belief in the scale of our ambition. Grow your career alongside experts in energy, manufacturing, data center construction, and cloud services.
If you're looking to do the most meaningful work of your career, empower customers and partners to advance their AI strategies, and collaborate with a high-performing team, come build with Crusoe.
About This Pivotal Role
As our Principal Infrastructure Security Engineer, you won't just secure infrastructure; you'll serve as the visionary lead defining the next generation of security for Crusoe’s cutting-edge AI cloud. This role demands an industry-recognized security expert with a proven track record at hyperscale, capable of systematically dismantling infrastructure risk. You are stepping in at a critical evolutionary phase: leading our architectural shift to a true zero-trust, identity-first fabric.
You will be the bridge between hardware roots-of-trust and the cloud control plane, tackling complex challenges across the entire stack. From mitigating hardware-level supply chain vulnerabilities and BMC hardening, to securing public build environments and implementing cryptographically attested workload identities – this is your domain. You aren't just securing a cloud; you are defining the security standard for the age of generative AI infrastructure while directly driving our enterprise security roadmap.
What You'll Be Architecting & Securing
Platform Security Services: Lead the architectural transition to a zero-trust network by driving the adoption of Workload Identity (SPIRE/SPIFFE) and enforcing mutual TLS (mTLS) with encryption and authorization policy enforcement across all service-to-service communications.
Eradicating Static Credentials: Architect and deploy Just-in-Time (JIT) access models, ephemeral credentials (PAM), and granular machine identities to systematically eliminate static credentials and API keys across the infrastructure.
Full-Stack Supply Chain Security: Architect and enforce robust security controls across the entire supply chain spectrum: from firmware and bare-metal (hardening BMC administration and establishing verifiable roots-of-trust) up through the hypervisor, VM layer, cloud control plane, and CI/CD build environments (GitLab).
Enterprise Data Security & Secrets Management: Drive the technical delivery of highly requested enterprise trust features, including Customer-Managed Encryption Keys (CMEK) and an internal Secrets-as-a-Service platform (Vault-aaS).
Runtime Integrity & Advanced Threat Defense: Lead the deployment of host-level controls using eBPF and Falco-class tooling for kernel lockdown, audit expansion, and immutable logging to detect and prevent threats in real-time.
Network & Hardware Isolation: Guide the security architecture for SDN 2.0 (OVN sharding per tenant), secure VPC peering, and private connectivity (IPsec VPN, VPC Interface Endpoints) to ensure rigorous tenant isolation without an AI workload performance tax.
Executive Advisory & Prioritization: Act as a trusted advisor to leadership, synthesizing ambiguous systemic signals—from endpoint and SaaS risks to deep infrastructure vulnerabilities—into clear engineering action plans and RFCs.
What You'll Bring to the Team
Hyperscale Provenance: 12+ years of experience in infrastructure security, security architecture, or production engineering, with significant tenure at a major cloud provider (e.g., AWS, GCP, Azure) or specialized high-performance computing environment.
Identity & Zero Trust Mastery: Deep, hands-on architectural expertise with modern identity frameworks (SPIFFE/SPIRE, OIDC, OAuth 2.0) and a proven track record of successfully rolling out mTLS and ephemeral credentialing at scale.
Supply Chain & Pipeline Security: Strong experience securing public/private build environments, enforcing CI/CD pipeline integrity, and mitigating risks across software, firmware, and hardware supply chains.
Deep Systems & Kernel Authority: Authoritative knowledge of OS-level security, Linux kernel internals, hypervisor isolation boundaries, and runtime integrity tooling (eBPF, Falco).
Hardware-to-Software Security: Proven experience securing bare-metal infrastructure, including Baseboard Management Controller (BMC) hardening, TPMs, Secure Boot, and out-of-band management networks.
Coding & Automation Fluency: Strong ability to read, review, and write code (Go, Python, Rust, or C/C++) to automate security guardrails and prototype secure systems.
Communication Mastery: The rare ability to explain the nuances of hypervisor supply chain risks to an engineer, and the business value of CMEK to executive leadership and enterprise customers.
Mandatory Education: A Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cybersecurity, or a related field (or equivalent professional experience).
Bonus Points
AI/ML Workload Expertise: Direct experience securing massive-scale GPU clusters, LLM training pipelines, or highly sensitive AI datasets.
Open Source Leadership: Maintainer status or major contributions to CNCF security tools (e.g., SPIFFE/SPIRE, Falco, OPA) or the Linux Kernel.
Corporate & IT Security Crossover: Experience partnering with IT security to mitigate endpoint, SaaS (Okta, Google Workspace), and insider risks that bridge the corporate and production boundaries.
Benefits
Competitive compensation and equity packages
Restricted Stock Units
Paid time off, paid holidays & leave of absence programs
Comprehensive health, dental & vision insurance
Employer contributions to HSA account
Paid parental leave
Paid life insurance, short-term and long-term disability
Professional development & tuition reimbursement
Mental health & wellness support
Commuter benefits (parking & transit)
Cell phone stipend
401(k) Retirement plan with company match up to 4% of salary
Volunteer time off
Global travel insurance & emergency assistance
Daily meals allowance
Additional perks & programs specific to location
Compensation Range
Compensation will be paid in the range of up to $280,000 - $330,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data.
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.