Director of Platform and Product Security

About The Position

Requirements

• 15+ years in security engineering, with at least 5 years in a leadership role managing security engineers across more than one domain.
• Deep hands-on experience designing and operating security controls for Kubernetes-orchestrated production infrastructure.
• Proven experience with admission control, RBAC, network policy, runtime security, workload isolation, and multi-tenant boundary enforcement.
• Strong understanding of securing platforms that run customer workloads you do not control, including shared responsibility boundaries.
• Experience owning product security or application security programs, including threat modeling, secure SDLC, and developer-facing security practices.
• Ability to design security controls with performance impact and deployment velocity in mind.
• Strong engineering orientation with the ability to engage directly on architecture, code, and tooling decisions.
• Experience securing workloads in multi-cloud environments across AWS, GCP, and/or Azure, including IAM, account governance, configuration management, and posture monitoring.
• Familiarity with the security implications of AI-assisted development, including prompt injection, insecure code generation, and over-reliance on AI review.

Nice To Haves

• Preferred experience in GPU, HPC, or AI workload environments.
• Exposure to tools such as CSPM platforms, Sigstore, Cosign, Terraform, OPA Gatekeeper, Kyverno, Go, or Python.

Responsibilities

• Own the security architecture and controls for Nscale’s Kubernetes-based infrastructure, including workload isolation, admission control, RBAC, runtime enforcement, and tenant boundary integrity.
• Secure customer production workloads by defining and strengthening controls at the boundary between Nscale’s infrastructure responsibilities and customer-managed workloads.
• Drive encryption standards and key management across platform services, covering data at rest, data in transit, and cryptographic practices across internal and customer-facing services.
• Supply Chain and Deployment Security: Build and operate image integrity and supply chain security capabilities, including image signing, provenance verification, and base image governance.
• Embed security into deployment pipelines with security gates that support delivery speed rather than block it.
• Establish safe deployment practices and rollback mechanisms for issues identified during release or operation.
• Own the security of software built and deployed on the Nscale platform through threat modeling, secure design review, and early security requirements in the development lifecycle.
• Build and scale application security tooling, including SAST, SCA, DAST, and secrets detection, integrated into CI/CD.
• Strengthen service security across the platform, including authentication and authorization between services, API security, and secure communication patterns.
• Partner directly with engineering teams to identify, prioritize, and remediate vulnerabilities.
• AI-Assisted Development Governance: Enable the safe use of AI coding tools across engineering teams.
• Define secure usage patterns for AI-assisted development workflows.
• Evaluate risks in AI-generated code, including insecure code generation patterns, prompt injection concerns, and over-reliance on AI review.
• Integrate security checks into AI-assisted development processes to support secure scale-up.

Benefits

• Highly competitive US compensation package (base + bonus + equity), with performance reviews every 12 months.
• Dynamic progression plan tailored to your ambitions.
• Flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments.
• Medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation.