Staff Corporate Security Engineer

Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster. We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI. We're looking for problem‑solving, opportunity‑finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services. If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high‑performing team that believes in each other, come build with us at Crusoe. About This Role Crusoe is building the world’s favorite AI‑first cloud infrastructure. We are seeking a Staff Corporate Security Engineer to act as the principal architect for our corporate security posture. In this role, you will move beyond tactical tool management to design high‑assurance, preventative systems that safeguard our identity perimeter, global network, and SaaS ecosystem. As a senior technical leader, you will build a “Secure by Default” environment where security is seamlessly embedded into the employee experience. What You’ll Be Working On Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity‑aware, perimeter‑less access models Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions Implementing Binary Authorization and device trust mechanisms, leveraging hardware‑backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks Architecting AI‑native security frameworks, including governance and secure gateways for agent‑based systems (e.g., MCP), ensuring all AI‑driven actions are auditable and aligned with zero‑trust principles Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just‑In‑Time (JIT) access workflows to eliminate standing privileges Defining and executing a “Crown Jewels” security methodology, identifying and remediating high‑risk vulnerabilities (e.g., IDOR, role‑by‑pass) across critical systems What You’ll Bring to the Team 8+ years of experience designing and implementing Zero Trust, SASE, and modern identity‑based security architectures Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack Experience implementing device trust, endpoint security, and hardware‑backed identity solutions Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns Knowledge of email security, phishing mitigation, and session security controls Experience identifying and mitigating application‑layer vulnerabilities such as IDOR and privilege escalation risks Familiarity with emerging AI security challenges, including governance of agent‑based systems and secure orchestration patterns Strong architectural mindset with the ability to design preventative, scalable security systems Excellent communication skills and ability to influence security decisions across engineering and business teams Bonus Points Experience implementing CASB platforms and enterprise DLP solutions at scale Familiarity with Model Context Protocol (MCP) or similar AI orchestration frameworks Experience building “Secure by Default” environments in high‑growth organizations Background in cloud‑native or AI infrastructure environment Benefits Competitive compensation and equity packages Restricted Stock Units Paid time off, paid holidays & leave of absence programs Comprehensive health, dental & vision insurance Employer contributions to HSA account Paid parental leave Paid life insurance, short‑term and long‑term disability Professional development & tuition reimbursement Mental health & wellness support Commuter benefits (parking & transit) Cell phone stipend 401(k) Retirement plan with company match up to 4% of salary Volunteer time off Global travel insurance & emergency assistance Daily meals allowance Additional perks & programs specific to location Compensation Range Compensation will be paid in the range of up to $210,000 - $255,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant’s knowledge, education, and abilities, as well as internal equity and alignment with market data. Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation. #J-18808-Ljbffr