Staff Security Engineer

Topaz Labs•Dallas, TX

5h•Onsite

About The Position

We use AI to do things that were previously impossible. Topaz Labs builds professional-grade software that uses deep learning to enhance image and video quality. Over 1 million photographers and designers trust us with their work, including teams at Apple, Netflix, NASA, and Disney . We’ve processed over 1 billion images, achieved massive revenue growth, and we’re only getting started.We are a small, profitable, and product-led team that values craftsmanship and impact over activity. We don’t just ship features; we solve hard problems to help creatives do their best work. As our first Principal Security Engineer , you will own the security posture for the entire organization —from the cloud to the colo, and from the training cluster to the office network.This is not a high-level compliance role. You will be reporting directly to the Head of AI Engine , but your scope spans the entire company. You must be willing to get your hands dirty.We operate a hybrid infrastructure: AWS, massive on-premise GPU training clusters in our colocation facility, and a corporate fleet of devices. Your mission is to secure every layer of this stack. You will have complete autonomy to architect security for our compute resources, manage office/colo networks, and harden our endpoints.

Requirements

7+ years of experience in security engineering, with a mix of infrastructure, corporate IT, and offensive security.
Deep hands-on experience with cloud security and compliance (AWS, IAM, VPC, SOC II, Vanta).
Proven experience with Endpoint Management & Identity: Expert-level knowledge of Jamf for macOS management and Active Directory (or modern equivalents) for identity governance.
Physical & Network Security: Experience securing physical office networks and colocation facilities (firewalls, VPNs, switching).
Offensive Security: Demonstrated ability to perform manual penetration testing (network and web app).
Proficiency in scripting (Python/Bash) to automate security tasks.

Nice To Haves

Experience securing on-device software or desktop applications (Windows/macOS).

Responsibilities

Secure the Hybrid Infrastructure (AWS & Colo): You will be the single owner for security across our cloud environments and our physical colocation data centers. This includes configuring firewalls, managing physical network security, and hardening our Linux GPU clusters.
Corporate & Endpoint Security: You will own the security of our internal tools and devices. You will manage our fleet (primarily macOS) using Jamf and oversee identity management via Active Directory . You ensure our creative workflows are secure without being obstructive.
Hands-On Penetration Testing: We don't just rely on external audits. You will regularly conduct hands-on penetration tests against our internal networks, office infrastructure, and AI applications to find vulnerabilities before anyone else does.
Secure the AI Supply Chain: Our models are our most valuable IP. You will design systems to protect our model weights during training, storage, and delivery, ensuring they are tamper-proof and secure from theft or reverse engineering.

Benefits

strong base salary, plus significant ownership that scales with the company's growth
100% covered medical/dental/vision for employees
15 days annual PTO
5 personal days plus holidays
401k matching

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume