Head of AI Cloud Security Operations - Americas

About The Position

Requirements

• Bachelor's degree or higher in Computer Science, Cybersecurity, Computer Engineering, or a related technical field.
• 10+ years of hands-on information security experience, with at least 5 years strictly focused on cloud infrastructure / IaaS / data center security technical operations roles (not pure management or documentation roles).
• Deep incident response experience as an Incident Commander, having successfully led at least 5 P0/P1 security incidents end-to-end.
• Thoroughly familiar with the NIST SP 800-61 IR process.
• Deep expertise in Linux system security, network protocols, TCP/IP, virtualization (KVM/QEMU), and container/Kubernetes security.
• Hands-on experience with at least one mainstream SIEM platform (Wazuh / Splunk / Elastic SIEM / Sentinel) and the ability to independently write detection rules.
• Familiarity with the SIGMA rule format is required.
• Familiar with the MITRE ATT&CK Framework (Cloud Matrix and Container Matrix) with a proven ability to design detection coverage assessments.
• Strong scripting and programming skills: Python (Required) + Shell (Required); Go or Rust are highly preferred.
• Ability to independently develop security tools and automation scripts.
• Familiarity with the eBPF technology stack (Tetragon / Falco / Cilium) and a strong understanding of its application in cloud-native runtime security.
• Familiarity with at least one IaC tool (Terraform / Ansible) and standard Git workflows to codify security configurations.
• At least one of the following industry certifications is required: GCIH, GCIA, GCFA, OSCP, CISSP, CCSP.
• Professional fluency in both English and Mandarin Chinese is required.
• Must be able to communicate effectively in English with US customers, MSSPs, law enforcement, and auditors, and in Mandarin with the Singapore HQ team and management for complex technical discussions and strategic reporting.
• Willingness to accept irregular working hours.
• Must participate in a 7x24 on-call rotation during major incidents and conduct daily cross-time-zone coordination with Singapore HQ (SGT).

Nice To Haves

• Go or Rust programming languages are highly preferred.

Responsibilities

• Serve as the primary on-call security lead for the Americas region, owning 7x24 alert triage, incident response, and root cause analysis for AIDCs in CA, TN, WA, and beyond.
• Act as the primary security decision-maker during Americas business hours (PST 09:00–18:00) when Singapore HQ is offline.
• Personally drive the response to high-severity incidents (P0/P1) including GPU cluster cryptojacking, ransomware, data exfiltration, and tenant escape scenarios, leading the full forensics, containment, and recovery cycle.
• Build and maintain Americas regional incident response playbooks and runbooks, collaborating with the global SecOps team on SIEM detection rules, SOAR automation, and IR tabletop exercises.
• Lead customer security incident response, handling customer tickets, engaging customer security teams, and coordinating with Sales and Customer Success on external communications.
• Serve as the Americas escalation interface, coordinating decisions with Singapore HQ, Legal, and business teams during major incidents.
• Personally write SIEM detection rules (Wazuh, Splunk, Elastic SIEM, or equivalent) covering typical GPU cloud attack scenarios.
• Design detection coverage assessments based on the MITRE ATT&CK Cloud Matrix and Container Matrix, proactively identifying and closing visibility blind spots.
• Lead hypothesis-driven threat hunting activities, conducting at least two structured hunting campaigns per month and producing comprehensive hunting reports and new detection rules.
• Design runtime detection capabilities using eBPF tools (Tetragon, Falco, Cilium) to complement traditional HIDS detection blind spots.
• Operationalize detection-as-code practices in the Americas region, including version-controlled detection rules, CI/CD pipelines, unit testing, and coverage metrics.
• Lead pre-production security readiness assessments for all Americas AIDCs, covering perimeter networks, OOB management networks, BMC/IPMI hardening, KVM/QEMU virtualization baselines, GPU isolation validation, and InfiniBand configuration reviews.
• Personally drive host hardening initiatives, including Linux baselines (CIS Benchmarks), auditd configuration, SSH hardening, privileged account management, and firmware/microcode CVE tracking.
• Partner with the Platform Engineering team to deploy eBPF-based runtime security monitoring (Tetragon/Falco) to cover container escape and anomalous syscall detection.
• Track CVEs for NVIDIA GPU drivers, CUDA, NCCL, UFM, BMC firmware, and other critical components, leading the Americas regional vulnerability response and patch window negotiations.
• Lead Americas regional IAM and privileged access management by deploying jump host solutions (Teleport / Boundary), JIT access, and privileged session recording/auditing.
• Lead the configuration and operations of perimeter firewalls, IPS, and WAF for all three Americas AIDCs.
• Engage DDoS scrubbing services (Cloudflare Magic Transit, Arbor, or equivalent) and build robust Americas regional DDoS response plans.
• Establish east-west traffic baselines based on NetFlow / IPFIX to identify anomalous traffic patterns.
• Configure BGP RPKI, source address validation (uRPF), and other network-layer security controls.
• Plan and deploy traffic analysis solutions (e.g., Panabit NTM) at Americas AIDCs to enable full traffic traceability at physical boundaries.
• Serve as the security incident response interface for Americas customers, responding to customer-submitted security tickets, abuse complaints, and incident notifications.
• Handle US law enforcement requests (FBI, DEA, Secret Service, local police) including subpoenas, search warrants, and preservation orders, collaborating closely with Legal.
• Establish Americas regional customer security incident SLA tracking and post-incident review mechanisms.
• Establish seamless security collaboration mechanisms between the Americas and Singapore HQ via daily handoffs, weekly syncs, incident bridges, and on-call escalation paths.
• Serve as the Americas regional compliance support interface, partnering with the Singapore GRC Manager to provide evidence collection and control implementation for SOC 2 US scope expansion.
• Represent Bitdeer AI Cloud Security within local US security communities and industry events (BSides, DEF CON, Cloud Security Alliance US).