Staff Infrastructure Security Enginee
Forge the future of sustainable AI. At Crusoe, we're not just building a cloud; we're powering the AI revolution with groundbreaking, energy-efficient infrastructure. We're looking for a visionary Staff Infrastructure Security Engineer to embed security deep into the DNA of Crusoe Cloud, ensuring our purpose-built platform is a fortress for high-performance AI workloads.
Be a part of a team that's setting the pace for responsible, transformative cloud infrastructure. Here, you'll drive meaningful innovation, make a tangible impact, and accelerate the abundance of energy and intelligence.
The Opportunity
This isn't just a role; it's a mission. As our Staff Infrastructure Security Engineer, you'll be the architect of trust, safeguarding the very foundations of Crusoe Cloud – our purpose-built compute platform designed for the most demanding AI and high-performance workloads. Your expertise will be crucial in designing and embedding robust security controls into our global infrastructure, empowering customers to innovate within a truly secure, "secure-by-default" environment. You'll thrive at the dynamic intersection of infrastructure, security, and reliability, defining the identity, network, and cloud security systems that will scale with a rapidly expanding cloud provider.
What You'll Be Building & Securing
Architecting security controls across compute, networking, and storage layers of a global cloud platform.
Championing Infrastructure-as-Code (IaC) standards (e.g., Terraform) to enforce secure defaults, immutability, and drift detection.
Building automated security guardrails embedded directly into CI/CD and deployment pipelines.
Collaborating on a centralized Vault-as-a-Platform service to manage secrets, encryption keys, and internal PKI.
Designing and operating certificate lifecycles (X.509, SSH) to support secure machine-to-machine trust.
Driving adoption of short-lived, Just-In-Time (JIT) access models to reduce standing privileges and improve auditability.
Securing core network foundations, including global DNS architecture, service discovery, and network authentication systems.
Designing and maintaining authentication controls for network infrastructure to ensure secure, monitored access.
Partnering closely with infrastructure, platform, and SRE teams to identify and remediate security gaps in foundational systems.
What You'll Bring to the Team
8+ years of hands-on experience in infrastructure engineering, SRE, or security engineering.
Deep understanding of security principles across the stack, from Linux and container runtimes to cloud control planes.
Proven experience using Infrastructure-as-Code (Terraform) to manage complex, multi-environment infrastructure at scale.
Strong knowledge of cryptography, secrets management, PKI, and modern authentication standards.
Experience securing public cloud (AWS, GCP) and/or bare-metal environments.
Strong networking fundamentals, including routing, segmentation, firewalls, and Zero Trust architectures.
Hands-on experience with Kubernetes and container security, including secure secrets injection into microservices.
Fluency in at least one programming language (Go or Python preferred) for automation and tooling.
Bonus Points
Experience building or operating internal security platforms (e.g., Vault-as-a-Service).
Background securing high-scale cloud or AI infrastructure.
Experience implementing Zero Trust identity architectures end-to-end.
Familiarity with bare-metal provisioning and data center security considerations.
Compensation Range
Compensation will be paid in the range of up to $210,000 - $265,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data.
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.