Infrastructure Security Engineer

About The Position

Requirements

• 6+ years of experience in infrastructure engineering, platform security, or a combined DevSecOps role
• Hands-on experience designing and operating PKI systems: CA hierarchies, certificate provisioning at scale, key management, and revocation
• Strong GCP or equivalent cloud infrastructure experience (IAM, VPC, Secret Manager, Cloud KMS, audit logging)
• Experience with Infrastructure as Code (Terraform or equivalent)
• Solid understanding of TLS, mTLS, code signing, and secure boot concepts in the context of connected devices or IoT
• Experience with CI/CD security: signing pipelines, artifact attestation, secrets hygiene
• Able to operate independently in a fast-paced environment where the security playbook is still being written
• Ability to relocate to work at the Skip Bay Area office
• Sense of humour, tolerant of Aussie & Canadian spelling

Nice To Haves

• Experience securing IoT or embedded device fleets at scale, including OTA update security
• Familiarity with embedded security primitives: secure elements, TrustZone, TPM, or hardware attestation
• Background in compliance frameworks relevant to connected medical or consumer devices (SOC 2, ISO 27001, FDA cybersecurity guidance)
• Experience with BLE security and wireless protocol hardening
• Experience in start-up environments
• Personal motivation to improve human movement

Responsibilities

• Design and operate Skip's PKI infrastructure -- device certificate provisioning, certificate authority management, key lifecycle management, and revocation -- across our device fleet and cloud services
• Own device identity and secure boot: ensure every MO/GO that leaves our factory is cryptographically authenticated and that firmware updates can only come from Skip
• Harden our GCP infrastructure across networking, IAM, secrets management, and data isolation between Dev and Prod environments
• Build and maintain security tooling for secrets management, vulnerability scanning, dependency auditing, and incident detection
• Define and implement secure OTA (over-the-air) update pipelines that ensure firmware integrity from signing through delivery to device
• Automate infrastructure provisioning and security configuration using Terraform and GCP-native tooling
• Partner with firmware engineers to define embedded security requirements -- secure element usage, TrustZone, attestation -- and ensure cloud-side infrastructure meets them
• Contribute to compliance readiness as we approach regulated market entry, including audit logging, access controls, and data handling practices
• Wear prototypes several hours a week to participate in data collection, test new builds, and provide feedback
• Bring joy to the team, participate in embarrassing team events, tolerate KZ's terrible music choices

Benefits

• Skip is an equal opportunity employer. Our hiring decisions are based on need and competence to satisfy said need. We do not discriminate on the basis of race, religion, color, gender, sexual orientation, gender identity, age, marital status, veteran status, disability status, or any other legally protected status. Any and all offers of employment extended by Skip are conditional on candidates’ ability to provide satisfactory proof of eligibility to maintain full-time employment in the United States.