Назад
Company hidden
3 дня назад

Lead Security Engineer and Architect

210 000 - 240 000$
Тип работы
fulltime
Грейд
lead
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Lead Security Engineer and Architect (Security/Architecture): Own system, network, and host security end-to-end for an on-prem, Kubernetes-based AI factory with an accent on network segmentation, IDS/IPS, host hardening, and identity & access controls. Focus on building high-signal detection pipelines (SIEM/telemetry) and leading incident response from triage through forensics while balancing “Default to Open” information sharing with customer data and IP protection.

Company

hirify.global builds a causal AI platform used by large enterprises to make decisions using trusted causal evidence.

What you will do

  • Design and implement security controls across on-prem environments, including network segmentation, firewalling, IDS/IPS, and traffic analysis on Kubernetes.
  • Build and enforce host security using EDR, kernel telemetry, and fleet hardening/baseline implementation.
  • Own identity and access: AuthN/AuthZ, RBAC, and service identity using OIDC, SAML, and mTLS.
  • Stand up incident-detection pipelines (SIEM, metrics, endpoint telemetry) and lead incident response end to end: triage, containment, recovery, root-cause analysis, and forensics.
  • Balance enablement over restriction while protecting customer data and IP (patents and trade secrets) under a “Default to Open” model.
  • Partner with Legal and the CISO to obtain needed compliance certifications and support customer security questions; hire and mentor as the security function grows.

Requirements

  • 8+ years of security engineering, infrastructure, or related experience.
  • Strong Linux system security and networking experience (e.g., SSH certificates, directory-based authentication).
  • Strong Kubernetes security experience (RBAC, tenant isolation, admission control).
  • Proven experience securing on-prem environments (not only public cloud).
  • Hands-on incident leadership with familiarity with attacker techniques (lateral movement, persistence, exfiltration) and depth in EDR, IDS/IPS, and SIEM.
  • Strong command of OIDC, SAML, mTLS, and cryptography-based storage security; ability to write code and automate tooling (Python or similar) plus IaC (Terraform, Ansible).

Culture & Benefits

  • On-site role based in San Francisco (San Francisco HQ).
  • Market-based compensation with new hires earning 50%+ above current benchmarks; most recent San Francisco benchmark data: $210K–$240K.
  • Generous equity program with an ownership mindset.
  • Security approach emphasizes enablement and “Default to Open” while still protecting customer data and IP.
  • Direct reporting to CTO/CISO with technical autonomy and decision ownership.

Hiring process

  • Interviews focused on security architecture ownership, hands-on incident/detection experience, and practical Kubernetes/on-prem security depth.
  • Discussion of how “Default to Open” constraints affect security design and tradeoffs.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →