AI Cloud Security Operations Lead - Americas

About Bitdeer Technologies Group

Bitdeer is a world-leading technology company for AI and Bitcoin mining infrastructure.

Bitdeer is committed to providing comprehensive Bitcoin mining solutions for its customers and building AI computational infrastructure to support the AI revolution. Bitdeer handles complex processes involved in computing such as equipment procurement, transport logistics, data center design and construction, equipment management, and daily operations. Bitdeer also offers advanced cloud capabilities to customers with high demand for artificial intelligence.

Headquartered in Singapore, Bitdeer has deployed data centers across multiple countries, including the United States, Norway, Bhutan, and Ethiopia.

About the Role

As Bitdeer AI Cloud's first dedicated hands-on security leader for the Americas, you will own the full-stack security and 7×24 security operations of AI Data Centers (AIDCs) across California, Tennessee, Washington, and future locations.

This is a deeply hands-on technical operations role. You will personally lead detection engineering, incident response, host/network hardening, while also handling US customer incident response, law enforcement requests, and cross-time-zone coordination with our Singapore HQ.

Core Mission: Despite the 12–16 hour time difference with Singapore HQ, you will ensure the GPU compute business across three Americas AIDCs runs securely across physical, network, host, virtualization, and customer operations layers, while driving incident MTTR to industry-leading levels.

Key Responsibilities

1. AIDC Security Operations & 7×24 Incident Response

• Regional Ownership: Serve as the primary on-call security lead for the Americas region. Own 7×24 alert triage, incident response, and root cause analysis for AIDCs in CA, TN, WA, and beyond. Act as the primary security decision-maker during Americas business hours (PST 09:00–18:00) when Singapore HQ is offline.
• Hands-on IR: Personally drive the response to high-severity incidents (P0/P1) including GPU cluster cryptojacking, ransomware, data exfiltration, and tenant escape scenarios. Lead the full forensics, containment, and recovery cycle.
• Playbook & Automation: Build and maintain Americas regional incident response playbooks and runbooks. Collaborate with the global SecOps team on SIEM detection rules, SOAR automation, and IR tabletop exercises.
• Escalation & Communication: Lead customer security incident response—handle customer tickets, engage customer security teams, and coordinate with Sales and Customer Success on external communications. Serve as the Americas escalation interface, coordinating decisions with Singapore HQ, Legal, and business teams during major incidents.

2. Detection Engineering & Threat Hunting

• Rule Development: Personally write SIEM detection rules (Wazuh, Splunk, Elastic SIEM, or equivalent) covering typical GPU cloud attack scenarios: anomalous GPU utilization/cryptojacking, anomalous SSH logins, container escape, Kubernetes API abuse, and InfiniBand network anomalies.
• Framework Alignment: Design detection coverage assessments based on the MITRE ATT&CK Cloud Matrix and Container Matrix. Proactively identify and close visibility blind spots.
• Threat Hunting: Lead hypothesis-driven threat hunting activities. Conduct at least two structured hunting campaigns per month, producing comprehensive hunting reports and new detection rules.
• Cloud-Native Detection: Design runtime detection capabilities using eBPF tools (Tetragon, Falco, Cilium) to complement traditional HIDS detection blind spots.
• Detection-as-Code: Operationalize detection-as-code practices in the Americas region, including version-controlled detection rules, CI/CD pipelines, unit testing, and coverage metrics.

3. AIDC Infrastructure Security Hardening

• Pre-Production Assessment: Lead pre-production security readiness assessments for all Americas AIDCs. This covers perimeter networks, OOB management networks, BMC/IPMI hardening, KVM/QEMU virtualization baselines, GPU isolation validation (MIG/vGPU/Time-Slicing), and InfiniBand SM-key/M-key/P-key configuration reviews.
• Host Hardening: Personally drive host hardening initiatives, including Linux baselines (CIS Benchmarks), auditd configuration, SSH hardening, privileged account management, and firmware/microcode CVE tracking.
• Platform Collaboration: Partner with the Platform Engineering team to deploy eBPF-based runtime security monitoring (Tetragon/Falco) to cover container escape and anomalous syscall detection.
• Vulnerability Management: Track CVEs for NVIDIA GPU drivers, CUDA, NCCL, UFM, BMC firmware, and other critical components. Lead the Americas regional vulnerability response and patch window negotiations.
• Access Control: Lead Americas regional IAM and privileged access management by deploying jump host solutions (Teleport / Boundary), JIT access, and privileged session recording/auditing.

4. Network Security & Perimeter Defense

• Perimeter Security: Lead the configuration and operations of perimeter firewalls, IPS, and WAF for all three Americas AIDCs.
• DDoS Mitigation: Engage DDoS scrubbing services (Cloudflare Magic Transit, Arbor, or equivalent) and build robust Americas regional DDoS response plans.
• Traffic Analysis: Establish east-west traffic baselines based on NetFlow / IPFIX to identify anomalous traffic patterns (data exfiltration, C2 communication, lateral movement).
• Network Controls: Configure BGP RPKI, source address validation (uRPF), and other network-layer security controls.
• Traceability: Plan and deploy traffic analysis solutions (e.g., Panabit NTM) at Americas AIDCs to enable full traffic traceability at physical boundaries.

5. Customer Incident Response & Law Enforcement Requests

• Abuse & Tickets: Serve as the security incident response interface for Americas customers. Respond to customer-submitted security tickets, abuse complaints (cryptomining, unauthorized scanning, illegal content), and incident notifications.
• Legal Liaison: Handle US law enforcement requests (FBI, DEA, Secret Service, local police) including subpoenas, search warrants, and preservation orders. Collaborate closely with Legal to respond within statutory windows.
• SLA Tracking: Establish Americas regional customer security incident SLA tracking and post-incident review mechanisms.

6. Cross-Time-Zone Coordination & Regional Security Construction

• HQ Sync: Establish seamless security collaboration mechanisms between the Americas and Singapore HQ via daily handoffs, weekly syncs, incident bridges, and on-call escalation paths.
• Compliance Support: Serve as the Americas regional compliance support interface. Partner with the Singapore GRC Manager to provide the evidence collection and control implementation needed for SOC 2 US scope expansion.
• Community Engagement: Represent Bitdeer AI Cloud Security within local US security communities and industry events (BSides, DEF CON, Cloud Security Alliance US).

Job Requirements

• Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Computer Engineering, or a related technical field.
• Experience: 10+ years of hands-on information security experience, with at least 5 years strictly focused on cloud infrastructure / IaaS / data center security technical operations roles (not pure management or documentation roles).
• Incident Command: Deep incident response experience as an Incident Commander, having successfully led at least 5 P0/P1 security incidents end-to-end. Thoroughly familiar with the NIST SP 800-61 IR process.
• Technical Depth: Deep expertise in Linux system security, network protocols, TCP/IP, virtualization (KVM/QEMU), and container/Kubernetes security.
• SIEM & Rules: Hands-on experience with at least one mainstream SIEM platform (Wazuh / Splunk / Elastic SIEM / Sentinel) and the ability to independently write detection rules. Familiarity with the SIGMA rule format is required.
• Frameworks: Familiar with the MITRE ATT&CK Framework (Cloud Matrix and Container Matrix) with a proven ability to design detection coverage assessments.
• Automation & Code: Strong scripting and programming skills: Python (Required) + Shell (Required) ; Go or Rust are highly preferred . Ability to independently develop security tools and automation scripts.
• Cloud-Native Tech: Familiarity with the eBPF technology stack (Tetragon / Falco / Cilium) and a strong understanding of its application in cloud-native runtime security.
• Infrastructure as Code: Familiarity with at least one IaC tool (Terraform / Ansible) and standard Git workflows to codify security configurations.
• Certifications: At least one of the following industry certifications is required: GCIH, GCIA, GCFA, OSCP, CISSP, CCSP.
• Language Fluency: Professional fluency in both English and Mandarin Chinese is required. Must be able to communicate effectively in English with US customers, MSSPs, law enforcement, and auditors, and in Mandarin with the Singapore HQ team and management for complex technical discussions and strategic reporting.
• Scheduling: Willingness to accept irregular working hours. Must participate in a 7×24 on-call rotation during major incidents and conduct daily cross-time-zone coordination with Singapore HQ (SGT).

--------------------------------------------------------------------

Bitdeer is committed to providing equal employment opportunities in accordance with country, state, and local laws. Bitdeer does not discriminate against employees or applicants based on conditions such as race, color, gender identity and/or expression, sexual orientation, marital and/or parental status, religion, political opinion, nationality, ethnic background or social origin, social status, disability, age, indigenous status, and union.