Staff Security Engineer, Infrastructure

We’re looking for a Security Engineer, Infrastructure to secure the core systems that power fal.ai’s platform: GPU compute, multi-cloud environments, networking, and data pipelines. You’ll operate across the full stack, from cloud and Kubernetes to identity, networking, and secrets, designing and implementing security controls that scale with a high-performance AI platform. This role is highly hands-on and systems-oriented, sitting at the intersection of security, infrastructure, and distributed systems.

Design and implement security controls across:

• Cloud infrastructure
• Kubernetes and containerized workloads
• Networking, service meshes, and edge systems
• CI/CD pipelines and deployment systems
• Secure compute environments for GPU workloads and model execution

• Machine identity and workload authentication
• Secrets management and encryption (e.g., Vault, KMS)
• Least-privilege access and short-lived credentials
• Implement Zero Trust principles across infrastructure

• Protect model weights, inference endpoints, and customer data
• Design secure data access pathways and isolation mechanisms
• Ensure safe multi-tenant execution environments

• Build security guardrails directly into infrastructure and CI/CD
• Use Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaults
• Continuously identify and remediate security gaps through automation

• Identify and mitigate risks across infrastructure layers
• Defend against both external attackers and insider threats
• Drive projects like network isolation, encryption, and secure service communication

• Partner with platform, infra, and ML teams to drive shift-left security
• Enable engineers to move fast with secure-by-default systems
• Contribute to a strong security culture across the company

• 8+ years in security engineering, infrastructure, or SRE
• Strong understanding of:
• Cloud security (AWS, GCP, or Azure)
• Networking fundamentals (segmentation, firewalls, Zero Trust)
• Linux systems and container security (Docker, Kubernetes)
• Experience building or securing production infrastructure at scale

Deep knowledge of:

• Authentication & authorization systems
• Secrets management and cryptography basics
• Common vulnerabilities and attack vectors
• Ability to design security controls across multiple layers (infra → app)

• Proficiency in at least one language (Go, Python, or similar)
• Experience with Infrastructure-as-Code (Terraform preferred)
• Strong automation mindset—security should scale with systems

Experience with:

• GPU infrastructure or ML systems
• Multi-tenant platform isolation
• Service mesh / zero-trust architectures
• High-growth startup environments

• Work on cutting-edge AI infrastructure security (not just SaaS)
• Secure GPU clusters, model execution, and real-time inference systems
• High ownership: design systems from first principles
• Direct impact on developer trust and platform reliability

• Secure-by-default > bolt-on security
• Enable developers, don’t block them
• Automate everything
• Assume breach, design for resilience

You’ll help define what security looks like for the next generation of AI infrastructure—where performance, scale, and safety all matter.