Information Security Engineer, Bare Metal

Fluidstack•Austin, TX

16h•$230,000 - $310,000

About The Position

Frontier AI runs on bare metal — and the bare metal it runs on has to be trustworthy from the silicon up. As Fluidstack's Information Security Engineer for Bare Metal, you'll own the security of the physical fleet powering some of the most important AI workloads in the world. This is a deeply technical, hands-on role for an engineer who thinks in firmware, kernels, and packet flows, and who wants the rare opportunity to design fleet-wide security controls from a clean slate rather than inherit someone else's compromises. You'll work at the intersection of hardware, operating systems, and network security in an environment where performance margins are thin, customer trust is paramount, and the threat model includes nation-state-level adversaries. The systems you build will protect tens of thousands of GPUs and the workloads of customers whose models will shape the next decade of computing.

Requirements

7+ years of experience in an Information Security or Infrastructure Engineering role, with a strong focus on bare metal, IaaS, or high-scale cloud infrastructure.
Deep practical experience with Linux operating system hardening (e.g., SELinux, AppArmor, kernel-level security).
Expert-level knowledge of network security principles, including TCP/IP, VPNs, firewall rulesets, and zero-trust concepts.
Proven ability to implement and manage encryption technologies, including disk-level encryption (e.g., LUKS) and hardware-level encryption.
Strong scripting and automation skills in languages such as Python, Go, or Rust, and experience with configuration management tools (e.g., Ansible, Puppet, Chef).
Understanding of hardware security modules (HSMs) and trusted computing concepts (e.g., TPM/TXT).
Excellent problem-solving and communication skills, with the ability to work collaboratively across engineering teams.

Nice To Haves

Experience with specific BMC platforms (e.g., OpenBMC, Dell iDRAC, HPE iLO).
Familiarity with compliance standards relevant to bare metal environments (e.g., SOC 2, ISO 27001, FedRAMP).
Experience with hardware-level root of trust and secure boot implementations.
Relevant security certifications (e.g., CISSP, OSCP, CEH).

Responsibilities

Fleet lifecycle security. End-to-end security for every server in our bare metal fleet — from supply chain and provisioning through hardening, operation, and secure decommissioning.
Hardened OS images. Design and maintain the golden images that run our production and development environments, including automated vulnerability scanning, patch pipelines, and configuration drift detection.
BMC security. Define and enforce the security model for baseboard management controllers: access control, credential rotation, audit logging, and firmware integrity. BMCs are one of the most under-defended surfaces in the industry; you'll make ours the exception.
Network security. Partner with network engineering on micro-segmentation, IDS/IPS, and firewall architecture for the bare metal environment, with zero-trust principles applied from the ToR up.
Storage and data protection. Implement data-at-rest encryption, key management, and secure access for local and networked storage at fleet scale.
Security automation. Build the tooling that makes secure-by-default the path of least resistance: configuration management, policy-as-code, and continuous compliance checks across the fleet.
Detection and response. Integrate monitoring tailored to bare metal infrastructure and act as a responder for incidents touching the physical fleet.
Threat modeling and review. Lead security reviews and threat modeling for new hardware platforms, network designs, and infrastructure changes — shaping decisions before they're locked in.