Role Overview
Crusoe is hiring a Principal Infrastructure Security Engineer. This is a full-time role in San Francisco, CA -. Part of Crusoe's Risk hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.
We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.
We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.
If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.
About This Role:
As the Principal Infrastructure Security Engineer, you will serve as the visionary lead for securing Crusoe’s next-generation AI cloud infrastructure. This is a role for an industry-recognized security expert who has operated at hyperscale and understands how to systematically dismantle infrastructure risk. You are stepping in at a critical evolutionary phase: leading the architectural shift to a true zero-trust, identity-first fabric.
In this position, you will bridge the gap between hardware roots-of-trust and the cloud control plane. You will tackle complex challenges across the entire stack, from hardware-level supply chain vulnerabilities and BMC hardening to securing public build environments and implementing cryptographically attested workload identities. You aren't just securing a cloud; you are defining the security standard for the age of generative AI infrastructure while directly driving our enterprise security roadmap.
What You’ll Be Working On:
- Platform Security Services: Lead the architectural transition to a zero-trust network by driving the adoption of Workload Identity (SPIRE/SPIFFE) and enforcing mutual TLS (mTLS) with encryption, authorization policy enforcement across all service-to-service communications.
- Eradicating Static Credentials: Architect and deploy Just-in-Time (JIT) access models, ephemeral credentials (PAM), and granular machine identities to systematically eliminate static credentials and API keys across the infrastructure.
- Full-Stack Supply Chain Security: Architect and enforce security controls across the entire supply chain spectrum: from firmware and bare-metal (hardening BMC administration and establishing verifiable roots-of-trust) up through the hypervisor, VM layer, cloud control plane, and CI/CD build environments (GitLab).
- Enterprise Data Security & Secrets Management: Drive the technical delivery of highly requested enterprise trust features, including Customer-Managed Encryption Keys (CMEK) and an internal Secrets-as-a-Service platform (Vault-aaS).
- Runtime Integrity & Advanced Threat Defense: Lead the deployment of host-level controls using eBPF and Falco-class tooling for kernel lockdown, audit expansion, and immutable logging to detect and prevent threats in real-time.
- Network & Hardware Isolation: Guide the security architecture for SDN 2.0 (OVN sharding per tenant), secure VPC peering, and private connectivity (IPsec VPN, VPC Interface Endpoints) to ensure rigorous tenant isolation without an AI workload performance tax.
- Executive Advisory & Prioritization: Act as a trusted advisor to leadership, synthesizing ambiguous systemic signals—from endpoint and SaaS risks to deep infrastructure vulnerabilities—into clear engineering action plans and RFCs.
What You’ll Bring to the Team:
- Hyperscale Provenance: 12+ years of experience in infrastructure security, security architecture, or production engineering, with significant tenure at a major cloud provider (e.g., AWS, GCP, Azure) or specialized high-performance computing environment.
- Identity & Zero Trust Mastery: Deep, hands-on architectural expertise with modern identity frameworks (SPIFFE/SPIRE, OIDC, OAuth 2.0) and a proven track record of successfully rolling out mTLS and ephemeral credentialing at scale.
- Supply Chain & Pipeline Security: Strong experience securing public/private build environments, enforcing CI/CD pipeline integrity, and mitigating risks across software, firmware, and hardware supply chains.
- Deep Systems & Kernel Authority: Authoritative knowledge of OS-level security, Linux kernel internals, hypervisor isolation boundaries, and runtime integrity tooling (eBPF, Falco).
- Hardware-to-Software Security: Proven experience securing bare-metal infrastructure, including Baseboard Management Controller (BMC) hardening, TPMs, Secure Boot, and out-of-band management networks.
- Coding & Automation Fluency: Strong ability to read, review, and write code (Go, Python, Rust, or C/C++) to automate security guardrails and prototype secure systems.
- Communication Mastery: The rare ability to explain the nuances of hypervisor supply chain risks to an engineer, and the business value of CMEK to executive leadership and enterprise customers.
- Mandatory Education: A Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cybersecurity, or a related field (or equivalent professional experience).
Bonus Points:
- AI/ML Workload Expertise: Direct experience securing massive-scale GPU clusters, LLM training pipelines, or highly sensitive AI datasets.
- Open Source Leadership: Maintainer status or major contributions to CNCF security tools (e.g., SPIFFE/SPIRE, Falco, OPA) or the Linux Kernel.
- Corporate & IT Security Crossover: Experience partnering with IT security to mitigate endpoint, SaaS (Okta, Google Workspace), and insider risks that bridge the corporate and production boundaries.
Benefits
- Competitive compensation and equity packages
- Restricted Stock Units
- Paid time off, paid holidays & leave of absence programs
- Comprehensive health, dental & vision insurance
- Employer contributions to HSA account
- Paid parental leave
- Paid life insurance, short-term and long-term disability
- Professional development & tuition reimbursement
- Mental health & wellness support
- Commuter benefits (parking & transit)
- Cell phone stipend
- 401(k) Retirement plan with company match up to 4% of salary
- Volunteer time off
- Global travel insurance & emergency assistance
- Daily meals allowance
- Additional perks & programs specific to location
Compensation Range
Compensation will be paid in the range of up to $280,000 - $330,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data.
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.
About Crusoe
Frequently Asked Questions
How do I apply for the Principal Infrastructure Security Engineer position at Crusoe?
Use the Apply button above to submit your application directly to Crusoe. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Where is the Principal Infrastructure Security Engineer position at Crusoe located?
This position is based in San Francisco, CA -. Crusoe has not indicated remote or hybrid options for this role, so candidates should plan for on-site work.
What does a Principal Infrastructure Security Engineer at Crusoe earn?
Crusoe has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Principal Infrastructure Security Engineer role at Crusoe posted?
This role was posted on June 9, 2026 (30 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
Similar Jobs
More Jobs at Crusoe
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start