Staff Security Engineer, Infrastructure

About the Role

We’re looking for a Security Engineer, Infrastructure to secure the core systems that power fal.ai’s platform: GPU compute, multi-cloud environments, networking, and data pipelines. You’ll operate across the full stack, from cloud and Kubernetes to identity, networking, and secrets, designing and implementing security controls that scale with a high-performance AI platform. This role is highly hands-on and systems-oriented, sitting at the intersection of security, infrastructure, and distributed systems.

What You’ll Do

Build & Harden Infrastructure Security

Design and implement security controls across:

• Cloud infrastructure
• Kubernetes and containerized workloads
• Networking, service meshes, and edge systems
• CI/CD pipelines and deployment systems
• Secure compute environments for GPU workloads and model execution

Identity, Secrets & Access

• Machine identity and workload authentication
• Secrets management and encryption (e.g., Vault, KMS)
• Least-privilege access and short-lived credentials
• Implement Zero Trust principles across infrastructure

Secure AI & Data Systems

• Protect model weights, inference endpoints, and customer data
• Design secure data access pathways and isolation mechanisms
• Ensure safe multi-tenant execution environments

Automation & Security Tooling

• Build security guardrails directly into infrastructure and CI/CD
• Use Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaults
• Continuously identify and remediate security gaps through automation

Threat Modeling & Risk Reduction

• Identify and mitigate risks across infrastructure layers
• Defend against both external attackers and insider threats
• Drive projects like network isolation, encryption, and secure service communication

Cross-Functional Collaboration

• Partner with platform, infra, and ML teams to drive shift-left security
• Enable engineers to move fast with secure-by-default systems
• Contribute to a strong security culture across the company

What We’re Looking For

Core Requirements

• 8+ years in security engineering, infrastructure, or SRE
• Strong understanding of:
• Cloud security (AWS, GCP, or Azure)
• Networking fundamentals (segmentation, firewalls, Zero Trust)
• Linux systems and container security (Docker, Kubernetes)
• Experience building or securing production infrastructure at scale

Security Expertise

Deep knowledge of:

• Authentication & authorization systems
• Secrets management and cryptography basics
• Common vulnerabilities and attack vectors
• Ability to design security controls across multiple layers (infra → app)

Engineering Skills

• Proficiency in at least one language (Go, Python, or similar)
• Experience with Infrastructure-as-Code (Terraform preferred)
• Strong automation mindset—security should scale with systems

Nice to Have

Experience with:

• GPU infrastructure or ML systems
• Multi-tenant platform isolation
• Service mesh / zero-trust architectures
• High-growth startup environments

What Makes This Role Unique

• Work on cutting-edge AI infrastructure security (not just SaaS)
• Secure GPU clusters, model execution, and real-time inference systems
<