Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.About This RoleCrusoe is building the world’s favorite AI-first cloud infrastructure. We are seeking a Staff Corporate Security Engineer to act as the principal architect for our corporate security posture.In this role, you will move beyond tactical tool management to design high-assurance, preventative systems that safeguard our identity perimeter, global network, and SaaS ecosystem. As a senior technical leader, you will build a “Secure by Default” environment where security is seamlessly embedded into the employee experience.What You’ll Be Working OnLeading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access modelsArchitecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensionsImplementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systemsDesigning and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual propertyStrengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risksArchitecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principlesScaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privilegesDefining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systemsWhat You’ll Bring to the Team8+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architecturesStrong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and SlackExperience implementing device trust, endpoint security, and hardware-backed identity solutionsStrong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patternsKnowledge of email security, phishing mitigation, and session security controlsExperience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risksFamiliarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patternsStrong architectural mindset with the ability to design preventative, scalable security systemsExcellent communication skills and ability to influence security decisions across engineering and business teamsBonus PointsExperience implementing CASB platforms and enterprise DLP solutions at scaleFamiliarity with Model Context Protocol (MCP) or similar AI orchestration frameworksExperience building “Secure by Default” environments in high-growth organizationsBackground in cloud-native or AI infrastructure environment.Benefits:Competitive compensation and equity packagesRestricted Stock UnitsPaid time off, paid holidays & leave of absence programsComprehensive health, dental & vision insuranceEmployer contributions to HSA accountPaid parental leavePaid life insurance, short-term and long-term disabilityProfessional development & tuition reimbursementMental health & wellness supportCommuter benefits (parking & transit)Cell phone stipend401(k) Retirement plan with company match up to 4% of salaryVolunteer time offGlobal travel insurance & emergency assistanceDaily meals allowanceAdditional perks & programs specific to locationCompensation RangeCompensation will be paid in the range of up to $210,000 - $255,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.