Staff Infrastructure Engineer (Generalist)
About The Position
Crusoe's mission is to accelerate the abundance of energy and intelligence. We’re seeking a Staff Infrastructure Security Engineer to secure the foundations of Crusoe Cloud, our purpose-built compute platform for AI and high-performance workloads. This role focuses on designing and embedding security controls directly into our global infrastructure, enabling customers to train advanced models within a trusted, secure-by-default environment. You’ll operate at the intersection of infrastructure, security, and reliability; architecting identity, network, and cloud security systems that scale with a high-growth cloud provider.
Requirements
- 8+ years of hands-on experience in infrastructure engineering, SRE, or security engineering
- Deep understanding of security principles across the stack, from Linux and container runtimes to cloud control planes
- Proven experience using Infrastructure-as-Code (Terraform) to manage complex, multi-environment infrastructure at scale
- Strong knowledge of cryptography, secrets management, PKI, and modern authentication standards
- Experience securing public cloud (AWS, GCP) and/or bare-metal environments
- Strong networking fundamentals, including routing, segmentation, firewalls, and Zero Trust architectures
- Hands-on experience with Kubernetes and container security, including secure secrets injection into microservices
- Fluency in at least one programming language (Go or Python preferred) for automation and tooling
Nice To Haves
- Experience building or operating internal security platforms (e.g., Vault-as-a-Service)
- Background securing high-scale cloud or AI infrastructure
- Experience implementing Zero Trust identity architectures end-to-end
- Familiarity with bare-metal provisioning and data center security considerations
Responsibilities
- Architecting security controls across compute, networking, and storage layers of a global cloud platform
- Championing Infrastructure-as-Code (IaC) standards (e.g., Terraform) to enforce secure defaults, immutability, and drift detection
- Building automated security guardrails embedded directly into CI/CD and deployment pipelines
- Collaborating on a centralized Vault-as-a-Platform service to manage secrets, encryption keys, and internal PKI
- Designing and operating certificate lifecycles (X.509, SSH) to support secure machine-to-machine trust
- Driving adoption of short-lived, Just-In-Time (JIT) access models to reduce standing privileges and improve auditability
- Securing core network foundations, including global DNS architecture, service discovery, and network authentication systems
- Designing and maintaining authentication controls for network infrastructure to ensure secure, monitored access
- Partnering closely with infrastructure, platform, and SRE teams to identify and remediate security gaps in foundational systems
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
