Crusoe
Staff Infrastructure Security Engineer
Crusoe, San Francisco, California, United States, 94199
Job Overview
Crusoe's mission is to accelerate the abundance of energy and intelligence. We’re crafting the engine that powers a world where people can create ambitiously with AI — without sacrificing scale, speed, or sustainability. Be a part of the AI revolution with sustainable technology at Crusoe. Here, you'll drive meaningful innovation, make a tangible impact, and join a team that’s setting the pace for responsible, transformative cloud infrastructure.
Position Staff Infrastructure Security Engineer
We are seeking a highly skilled Staff Infrastructure Security Engineer to architect, deploy, and operationalize the foundational security services that will underpin our shift to a Zero Trust model. In this strategic role, you will define and establish the "roots of trust" for our organization, serving as a technical leader in Secrets Management and Identity architecture. While your immediate focus is to serve as the Subject Matter Expert (SME) driving our enterprise HashiCorp Vault platform from Proof-of-Concept (PoC) to global production readiness, your long-term scope is far broader. You will be responsible for evolving our credentials management strategy, onboarding engineering teams to secure self-service workflows, and designing scalable trust patterns across our hybrid multi-cloud environment.
Key Responsibilities
Strategic Architecture & Governance
Zero Trust Architecture: Architect a highly available, disaster-resilient, and scalable multi-cluster secrets management platform that serves as the foundation for the organization’s Zero Trust strategy.
Technical Leadership: Drive consensus across Cloud Engineering, DevOps, and SRE teams to define standardized secret management workflows and integrate security patterns into the SDLC.
Compliance & Governance: Ensure the platform design meets rigorous internal policies and external compliance frameworks (e.g., SOX, ISO 27001).
Policy as Code: Design and implement advanced governance controls, including Sentinel Policy as Code, to automate security guardrails and access decisions.
Platform Engineering & Implementation
Infrastructure as Code (IaC): Lead the engineering of the Vault infrastructure using Terraform, ensuring all deployments are reproducible, version-controlled, and automated.
Identity Integration: Architect the integration between the secrets platform, Identity Providers (Okta), and workload identities (Kubernetes Service Accounts) to establish robust machine-to-machine authentication.
Advanced Secrets Capabilities: Configure and tune essential secrets engines (KV, Transit, KMIP) and Enterprise features (Performance Replication, Seal automation) to support diverse engineering use cases.
Operational Excellence & Developer Enablement
Vault as a Service (VaaS): Operationalize the platform by building self-service mechanisms, distinct "paved road" onboarding procedures, and documentation that allows engineering teams to easily consume security services.
Observability: Implement comprehensive monitoring, alerting, and audit logging to ensure platform health, provide visibility into usage patterns, and satisfy audit requirements.
Lifecycle Management: Own the full operational lifecycle of the production environment, including patching, version upgrades, backup/restore procedures, and incident response runbooks.
Required Qualifications
6+ years (or equivalent) hands‑on experience in cloud security, DevOps, or infrastructure engineering.
Deep expertise and proven track record deploying and managing HashiCorp Vault in an enterprise environment (experience with the Enterprise edition is highly preferred).
Expert‑level knowledge of Secrets Management, X.509 PKI (Public Key Infrastructure), Certificate Authority Operations, and Cryptography concepts.
Strong experience with Google Cloud Platform (GCP) and cloud native identity and access management (IAM).
Proficiency with Infrastructure as Code (IaC) tools, especially Terraform, for automating the deployment and configuration of Vault and its dependent infrastructure.
Technical Skills
Fluent in at least one programming language (ideally Go or Python).
Demonstrable experience with Kubernetes and container security principles, especially integrating secrets into microservices architectures.
Strong understanding of network security concepts (IP addressing, IP routing, firewalls, segmentation, Zero Trust).
Benefits
Industry competitive pay
Restricted Stock Units in a fast growing, well‑funded technology company
Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
Employer contributions to HSA accounts
Paid Parental Leave
Paid life insurance, short‑term and long‑term disability
Teladoc
401(k) with a 100% match up to 4% of salary
Generous paid time off and holiday schedule
Cell phone reimbursement
Tuition reimbursement
Subscription to the Calm app
MetLife Legal
Company paid commuter benefit; $300 per month
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries Technology, Information and Internet
Referrals increase your chances of interviewing at Crusoe by 2x
#J-18808-Ljbffr
Position Staff Infrastructure Security Engineer
We are seeking a highly skilled Staff Infrastructure Security Engineer to architect, deploy, and operationalize the foundational security services that will underpin our shift to a Zero Trust model. In this strategic role, you will define and establish the "roots of trust" for our organization, serving as a technical leader in Secrets Management and Identity architecture. While your immediate focus is to serve as the Subject Matter Expert (SME) driving our enterprise HashiCorp Vault platform from Proof-of-Concept (PoC) to global production readiness, your long-term scope is far broader. You will be responsible for evolving our credentials management strategy, onboarding engineering teams to secure self-service workflows, and designing scalable trust patterns across our hybrid multi-cloud environment.
Key Responsibilities
Strategic Architecture & Governance
Zero Trust Architecture: Architect a highly available, disaster-resilient, and scalable multi-cluster secrets management platform that serves as the foundation for the organization’s Zero Trust strategy.
Technical Leadership: Drive consensus across Cloud Engineering, DevOps, and SRE teams to define standardized secret management workflows and integrate security patterns into the SDLC.
Compliance & Governance: Ensure the platform design meets rigorous internal policies and external compliance frameworks (e.g., SOX, ISO 27001).
Policy as Code: Design and implement advanced governance controls, including Sentinel Policy as Code, to automate security guardrails and access decisions.
Platform Engineering & Implementation
Infrastructure as Code (IaC): Lead the engineering of the Vault infrastructure using Terraform, ensuring all deployments are reproducible, version-controlled, and automated.
Identity Integration: Architect the integration between the secrets platform, Identity Providers (Okta), and workload identities (Kubernetes Service Accounts) to establish robust machine-to-machine authentication.
Advanced Secrets Capabilities: Configure and tune essential secrets engines (KV, Transit, KMIP) and Enterprise features (Performance Replication, Seal automation) to support diverse engineering use cases.
Operational Excellence & Developer Enablement
Vault as a Service (VaaS): Operationalize the platform by building self-service mechanisms, distinct "paved road" onboarding procedures, and documentation that allows engineering teams to easily consume security services.
Observability: Implement comprehensive monitoring, alerting, and audit logging to ensure platform health, provide visibility into usage patterns, and satisfy audit requirements.
Lifecycle Management: Own the full operational lifecycle of the production environment, including patching, version upgrades, backup/restore procedures, and incident response runbooks.
Required Qualifications
6+ years (or equivalent) hands‑on experience in cloud security, DevOps, or infrastructure engineering.
Deep expertise and proven track record deploying and managing HashiCorp Vault in an enterprise environment (experience with the Enterprise edition is highly preferred).
Expert‑level knowledge of Secrets Management, X.509 PKI (Public Key Infrastructure), Certificate Authority Operations, and Cryptography concepts.
Strong experience with Google Cloud Platform (GCP) and cloud native identity and access management (IAM).
Proficiency with Infrastructure as Code (IaC) tools, especially Terraform, for automating the deployment and configuration of Vault and its dependent infrastructure.
Technical Skills
Fluent in at least one programming language (ideally Go or Python).
Demonstrable experience with Kubernetes and container security principles, especially integrating secrets into microservices architectures.
Strong understanding of network security concepts (IP addressing, IP routing, firewalls, segmentation, Zero Trust).
Benefits
Industry competitive pay
Restricted Stock Units in a fast growing, well‑funded technology company
Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
Employer contributions to HSA accounts
Paid Parental Leave
Paid life insurance, short‑term and long‑term disability
Teladoc
401(k) with a 100% match up to 4% of salary
Generous paid time off and holiday schedule
Cell phone reimbursement
Tuition reimbursement
Subscription to the Calm app
MetLife Legal
Company paid commuter benefit; $300 per month
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries Technology, Information and Internet
Referrals increase your chances of interviewing at Crusoe by 2x
#J-18808-Ljbffr