AI Cloud Security Operations Lead - Americas

About The Position

Requirements

• Bachelor's degree or higher in Computer Science, Cybersecurity, Computer Engineering, or a related technical field.
• 10+ years of hands-on information security experience, with at least 5 years strictly focused on cloud infrastructure / IaaS / data center security technical operations roles (not pure management or documentation roles).
• Deep incident response experience as an Incident Commander, having successfully led at least 5 P0/P1 security incidents end-to-end. Thoroughly familiar with the NIST SP 800-61 IR process.
• Deep expertise in Linux system security, network protocols, TCP/IP, virtualization (KVM/QEMU), and container/Kubernetes security.
• Hands-on experience with at least one mainstream SIEM platform (Wazuh / Splunk / Elastic SIEM / Sentinel) and the ability to independently write detection rules. Familiarity with the SIGMA rule format is required.
• Familiar with the MITRE ATT&CK Framework (Cloud Matrix and Container Matrix) with a proven ability to design detection coverage assessments.
• Strong scripting and programming skills: Python (Required) + Shell (Required) ; Go or Rust are highly preferred.
• Ability to independently develop security tools and automation scripts.
• Familiarity with the eBPF technology stack (Tetragon / Falco / Cilium) and a strong understanding of its application in cloud-native runtime security.
• Familiarity with at least one IaC tool (Terraform / Ansible) and standard Git workflows to codify security configurations.
• At least one of the following industry certifications is required: GCIH, GCIA, GCFA, OSCP, CISSP, CCSP.
• Professional fluency in both English and Mandarin Chinese is required. Must be able to communicate effectively in English with US customers, MSSPs, law enforcement, and auditors, and in Mandarin with the Singapore HQ team and management for complex technical discussions and strategic reporting.
• Willingness to accept irregular working hours. Must participate in a 7x24 on-call rotation during major incidents and conduct daily cross-time-zone coordination with Singapore HQ (SGT).

Nice To Haves

• Go or Rust programming skills
• Experience with cloud-native detection tools like Tetragon, Falco, or Cilium
• Familiarity with Infrastructure as Code tools like Terraform or Ansible
• Experience with Git workflows for security configurations

Responsibilities

• Serve as the primary on-call security lead for the Americas region. Own 7x24 alert triage, incident response, and root cause analysis for AIDCs in CA, TN, WA, and beyond. Act as the primary security decision-maker during Americas business hours (PST 09:00-18:00) when Singapore HQ is offline.
• Personally drive the response to high-severity incidents (P0/P1) including GPU cluster cryptojacking, ransomware, data exfiltration, and tenant escape scenarios. Lead the full forensics, containment, and recovery cycle.
• Build and maintain Americas regional incident response playbooks and runbooks. Collaborate with the global SecOps team on SIEM detection rules, SOAR automation, and IR tabletop exercises.
• Lead customer security incident response—handle customer tickets, engage customer security teams, and coordinate with Sales and Customer Success on external communications. Serve as the Americas escalation interface, coordinating decisions with Singapore HQ, Legal, and business teams during major incidents.
• Personally write SIEM detection rules (Wazuh, Splunk, Elastic SIEM, or equivalent) covering typical GPU cloud attack scenarios: anomalous GPU utilization/cryptojacking, anomalous SSH logins, container escape, Kubernetes API abuse, and InfiniBand network anomalies.
• Design detection coverage assessments based on the MITRE ATT&CK Cloud Matrix and Container Matrix. Proactively identify and close visibility blind spots.
• Lead hypothesis-driven threat hunting activities. Conduct at least two structured hunting campaigns per month, producing comprehensive hunting reports and new detection rules.
• Design runtime detection capabilities using eBPF tools (Tetragon, Falco, Cilium) to complement traditional HIDS detection blind spots.
• Operationalize detection-as-code practices in the Americas region, including version-controlled detection rules, CI/CD pipelines, unit testing, and coverage metrics.
• Lead pre-production security readiness assessments for all Americas AIDCs. This covers perimeter networks, OOB management networks, BMC/IPMI hardening, KVM/QEMU virtualization baselines, GPU isolation validation (MIG/vGPU/Time-Slicing), and InfiniBand SM-key/M-key/P-key configuration reviews.
• Personally drive host hardening initiatives, including Linux baselines (CIS Benchmarks), auditd configuration, SSH hardening, privileged account management, and firmware/microcode CVE tracking.
• Partner with the Platform Engineering team to deploy eBPF-based runtime security monitoring (Tetragon/Falco) to cover container escape and anomalous syscall detection.
• Track CVEs for NVIDIA GPU drivers, CUDA, NCCL, UFM, BMC firmware, and other critical components. Lead the Americas regional vulnerability response and patch window negotiations.
• Lead Americas regional IAM and privileged access management by deploying jump host solutions (Teleport / Boundary), JIT access, and privileged session recording/auditing.
• Lead the configuration and operations of perimeter firewalls, IPS, and WAF for all three Americas AIDCs.
• Engage DDoS scrubbing services (Cloudflare Magic Transit, Arbor, or equivalent) and build robust Americas regional DDoS response plans.
• Establish east-west traffic baselines based on NetFlow / IPFIX to identify anomalous traffic patterns (data exfiltration, C2 communication, lateral movement).
• Configure BGP RPKI, source address validation (uRPF), and other network-layer security controls.
• Plan and deploy traffic analysis solutions (e.g., Panabit NTM) at Americas AIDCs to enable full traffic traceability at physical boundaries.
• Serve as the security incident response interface for Americas customers. Respond to customer-submitted security tickets, abuse complaints (cryptomining, unauthorized scanning, illegal content), and incident notifications.
• Handle US law enforcement requests (FBI, DEA, Secret Service, local police) including subpoenas, search warrants, and preservation orders. Collaborate closely with Legal to respond within statutory windows.
• Establish Americas regional customer security incident SLA tracking and post-incident review mechanisms.
• Establish seamless security collaboration mechanisms between the Americas and Singapore HQ via daily handoffs, weekly syncs, incident bridges, and on-call escalation paths.
• Serve as the Americas regional compliance support interface. Partner with the Singapore GRC Manager to provide the evidence collection and control implementation needed for SOC 2 US scope expansion.
• Represent Bitdeer AI Cloud Security within local US security communities and industry events (BSides, DEF CON, Cloud Security Alliance US).

Benefits

• Equal employment opportunities in accordance with country, state, and local laws.