Cloud & Infrastructure Security Engineer - Secure the Future of Staking
Location: Paris, London, or Remote (Western EU)
Ready to level up your cybersecurity career and dive into the exciting world of Web3? Kiln, a leading enterprise-grade staking platform and proud member of the prestigious French Tech #FT120 program, is looking for a Cloud & Infrastructure Security Engineer to help us build and secure the future of staking.
In this role, you'll be a key player in hardening our cloud, Kubernetes, and bare-metal environments. You'll lead the charge in building automated detection and remediation workflows, enhancing visibility across all infrastructure assets, and collaborating closely with our infrastructure and software teams. This is a hands-on technical role where you'll own core security tooling and processes across a fast-scaling, high-availability infrastructure landscape, processing over $15 billion in crypto assets.
What You'll Do:
Cloud & Infrastructure Security: Define and enforce security guardrails across AWS, GCP, and bare-metal infrastructure. Implement and maintain least privilege access controls across IAM roles, service accounts, and API keys. Secure networking patterns using a Zero Trust approach (e.g., Tailscale). Proactively surface insecure IaC changes through pre-commit hooks and GitHub Actions.
CNAPP & Exposure Management: Own the configuration and deployment of our CNAPP platform across all environments. Build and maintain dashboards to monitor asset posture, misconfigurations, and critical risk combinations. Triage and remediate CNAPP findings in collaboration with the infrastructure team. Publish periodic risk reviews with actionable insights and recurring issue tracking.
Detection & Observability: Maintain and tune SIEM/SOAR pipelines to detect infrastructure-level threats. Write and optimize detection rules for privilege escalations, unusual API usage, and network anomalies.
Secure Access & Identity Architecture: Partner with IT and security operations teams to design JIT access flows and secure service-to-service authentication mechanisms (OIDC, IAM roles). Continuously audit and enhance integrations across Okta, cloud platforms, and internal applications with a focus on least privilege.
Infrastructure Collaboration: Enable engineering teams to build securely by contributing to reusable, hardened IaC modules and baselines. Define security benchmarks for KMS, compute workloads, and container deployments leveraging secure base images. Participate in design reviews for new infrastructure and services to embed security early.
Application Security Collaboration: Support software teams by surfacing and tracking findings related to SBOM generation, vulnerable dependencies, and OCI base image risks. Collaborate with developers to remediate issues surfaced through our security tooling and help optimize it.
Security Automation: Build tools and workflows to auto-remediate misconfigurations and push security alerts to engineering teams. Develop internal bots and pipelines to enforce best practices at scale and simplify remediation.
Compliance & Governance: Actively participate in defining and documenting technical controls to meet compliance frameworks (SOC 2, ISO 27001, NIST). Propose and implement dashboards and automation to monitor the compliance status of the stack. Partner with auditors and stakeholders to provide evidence and demonstrate ongoing control effectiveness.
What You'll Bring:
Experience: 5+ years of experience in cloud infrastructure or security engineering, preferably within high-growth, cloud-native environments. Strong background in securing AWS, GCP, and bare-metal environments, including IAM, networking, and IaC deployments. Strong background in managing Kubernetes clusters.
Skills: Proficient in Terraform, CI/CD tooling (GitHub Actions), GitHub Enterprise, and cloud infrastructure observability. Deep understanding of infrastructure security concepts: least privilege, Zero Trust, secrets management, and runtime hardening. Ownership experience with security platforms including CNAPP, SIEM/SOAR stacks, and identity systems. Comfortable collaborating across infra, platform, and security teams to drive security adoption. Proficiency in scripting or development (Python, Go, or Bash) for workflow automation.
Bonus Points: French speaking, familiarity with blockchain or validator infrastructure, hands-on experience managing Wiz CNAPP, exposure to compliance frameworks (SOC 2, ISO 27001, or NIST), experience with threat detection/incident response/threat hunting, and interest in Web3, blockchain, cryptocurrency and smart contracts (check out our Tech Blog and Open-Source Contributions!).
Why Kiln?
Kiln is the leading enterprise-grade rewards platform, enabling institutional customers to stake assets and integrate staking & DeFi functionality into their offerings. We manage over 5.4% of the Ethereum network through 50,000+ validators with zero slashing events and serve over 140 leading customers like Binance, Bitpanda, BitGo, and Fireblocks.
Our team of 100+ ecosystem enthusiasts brings experience from Google, Circle, Ledger, and Chainalysis. We've raised $30M in funding from prominent investors.
Join us and help make the web more secure, stable, decentralized, and fair!
What We Offer:
At Kiln, our values drive us: Technical Excellence, Innovation-Driven Meritocracy, Trust and Transparency, and People First. We offer:
A fast-paced, bureaucracy-free work environment
Equity share options
Competitive salary
Flexible holiday
Flexible remote working
Choice of IT equipment
Internet connection allowance (€50/month)
Significant personal development budget
Overseas tech conferences budget
Kiln is an Equal Opportunity Employer committed to fostering an inclusive and diverse workplace. We welcome applications from all backgrounds.
Interview Process:
Recruiter Interview (45 min)
Take-home test (< 3 hours)
Technical Interview (60 min)
Core Values Interview (45 min)
Founders Interview (30 min)
Offer!
Your personal information will be securely stored in our ATS and will not be shared with external parties. We comply with GDPR regulations. We do not sponsor visas and this role is for full-time employees only.