Principal Infrastructure Security Engineer

Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster. We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI. We're looking for problem‑solving, opportunity‑finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services. If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high‑performing team that believes in each other, come build with us at Crusoe. About This Role As the Principal Infrastructure Security Engineer, you will serve as the visionary lead for securing Crusoe’s next‑generation AI cloud infrastructure. This is a role for an industry‑recognized security expert who has operated at hyperscale and understands how to systematically dismantle infrastructure risk. You are stepping in at a critical evolutionary phase: leading the architectural shift to a true zero‑trust, identity‑first fabric. In this position, you will bridge the gap between hardware roots‑of‑trust and the cloud control plane. You will tackle complex challenges across the entire stack, from hardware‑level supply chain vulnerabilities and BMC hardening to securing public build environments and implementing cryptographically attested workload identities. You aren't just securing a cloud; you are defining the security standard for the age of generative AI infrastructure while directly driving our enterprise security roadmap. What You’ll Be Working On Platform Security Services: Lead the architectural transition to a zero‑trust network by driving the adoption of Workload Identity (SPIRE/SPIFFE) and enforcing mutual TLS (mTLS) with encryption, authorization policy enforcement across all service‑to‑service communications. Eradicating Static Credentials: Architect and deploy Just‑in‑Time (JIT) access models, temporary credentials (PAM), and granular machine identities to systematically eliminate static credentials and API keys across the infrastructure. Full‑Stack Supply Chain Security: Architect and enforce security controls across the entire supply chain spectrum: from firmware and bare‑metal (hardening BMC administration and establishing verifiable roots‑of‑trust) up through the hypervisor, VM layer, cloud control plane, and CI/CD build environments (GitLab). Enterprise Data Security & Secrets Management: Drive the technical delivery of highly requested enterprise trust features, including Customer‑Managed Encryption Keys (CMEK) and an internal Secrets‑as‑a‑Service platform (Vault‑aaS). Runtime Integrity & Advanced Threat Defense: Lead the deployment of host‑level controls using eBPF and Falco‑class tooling for kernel lockdown, audit expansion, and immutable logging to detect and prevent threats in real‑time. Network & Hardware Isolation: Guide the security architecture for SDN 2.0 (OVN sharding per tenant), secure VPC peering, and private connectivity (IPsec VPN, VPC Interface Endpoints) to ensure rigorous tenant isolation without an AI workload performance tax. Executive Advisory & Prioritization: Act as a trusted advisor to leadership, synthesizing ambiguous systemic signals — from endpoint and SaaS risks to deep infrastructure vulnerabilities — into clear engineering action plans and RFCs. What You’ll Bring to the Team Hyperscale Provenance: 12+ years of experience in infrastructure security, security architecture, or production engineering, with significant tenure at a major cloud provider (e.g., AWS, GCP, Azure) or specialized high‑performance computing environment. Identity & Zero Trust Mastery: Deep, hands‑on architectural expertise with modern identity frameworks (SPIFFE/SPIRE, OIDC, OAuth 2.0) and a proven track record of successfully rolling out mTLS and temporary credentialing at scale. Supply Chain & Pipeline Security: Strong experience securing public/private build environments, enforcing CI/CD pipeline integrity, and mitigating risks across software, firmware, and hardware supply chains. Deep Systems & Kernel Authority: Authoritative knowledge of OS‑level security, Linux kernel internals, hypervisor isolation boundaries, and runtime integrity tooling (eBPF, Falco). Hardware‑to‑Software Security: Proven experience securing bare‑metal infrastructure, including Baseboard Management Controller (BMC) hardening, TPMs, Secure Boot, and out‑of‑band management networks. Coding & Automation Fluency: Strong ability to read, review, and write code (Go, Python, Rust, or C/C++) to automate security guardrails and prototype secure systems. Communication Mastery: The rare ability to explain the nuances of hypervisor supply chain risks to an engineer, and the business value of CMEK to executive leadership and enterprise customers. Mandatory Education: A Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cybersecurity, or a related field (or equivalent professional experience). Bonus Points AI/ML Workload Expertise: Direct experience securing massive‑scale GPU clusters, LLM training pipelines, or highly sensitive AI datasets. Open Source Leadership: Maintainer status or major contributions to CNCF security tools (e.g., SPIFFE/SPIRE, Falco, OPA) or the Linux Kernel. Corporate & IT Security Crossover: Experience partnering with IT security to mitigate endpoint, SaaS (Okta, Google Workspace), and insider risks that bridge the corporate and production boundaries. Benefits Competitive compensation and equity packages Restricted Stock Units Paid time off, paid holidays & leave of absence programs Comprehensive health, dental & vision insurance Employer contributions to HSA account Paid parental leave Paid life insurance, short‑term and long‑term disability Professional development & tuition reimbursement Mental health & wellness support Commuter benefits (parking & transit) Cell phone stipend 401(k) Retirement plan with company match up to 4% of salary Volunteer time off Global travel insurance & emergency assistance Daily meals allowance Additional perks & programs specific to location Compensation Range Compensation will be paid in the range of up to $280,000 - $330,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's knowledge, education, and abilities, as well as internal equity and alignment with market data. Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation. #J-18808-Ljbffr Crusoe