Staff Corporate Security Engineer

Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.

We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.

We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.

If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.

About This Role

Crusoe is building the world’s favorite AI-first cloud infrastructure. We are seeking a Staff Corporate Security Engineer to act as the principal architect for our corporate security posture.

In this role, you will move beyond tactical tool management to design high-assurance, preventative systems that safeguard our identity perimeter, global network, and SaaS ecosystem. As a senior technical leader, you will build a “Secure by Default” environment where security is seamlessly embedded into the employee experience.

What You’ll Be Working On

• Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models

• Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions

• Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems

• Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property

• Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks

• Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles

• Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privileges

• Defining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systems

What You’ll Bring to the Team

• 8+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures

• Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack

• Experience implementing device trust, endpoint security, and hardware-backed identity solutions

• Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns

• Knowledge of email security, phishing mitigation, and session security controls

• Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks

• Fam