Senior Software Security Engineer

Software Security Engineer

Spectro Cloud lets organizations around the world run AI infrastructure at scale - without losing control. A rapidly growing number of Global 5000 and government organizations across the US and EMEA are choosing Spectro Cloud to design, deploy, and manage full-stack AI and modern infrastructure across edge, data center, and cloud.

Whether they are building AI factories, scaling edge inferencing, or managing multi-cloud, multi-cluster Kubernetes fleets, customers are relying on Spectro Cloud's unified orchestration plane to deliver the control, efficiency, and architectural flexibility needed to operate at scale without vendor lock-in. We're backed by top-tier investors and we're just getting started!

About the Team

We are a rapidly growing startup seeking a highly skilled, hands-on Software Security Engineer to embed security across our engineering lifecycle, with a primary focus on hardening our Kubernetes-based production platform.

This is a builder role for someone who thrives on securing real systems, not just writing policies. You will drive threat modeling, secure code reviews, and the design and implementation of security controls, actively contributing to platform defense.

You will own security end-to-end across our platform and product, including vulnerability management, security architecture reviews, and incident response. You will focus on vulnerabilities and misconfigurations across the platform, ensuring Kubernetes environments are secure, compliant, and continuously monitored. Engineering teams confidently rely on security tooling and controls the Security initiatives you will put in place will proactively improve developer velocity ("shift left") and be an enabler of product deliver - not a bottleneck

What You'll Do

Technical Leadership and Execution

• Design, implement, and operate security controls for Kubernetes-based production platforms
• Harden containers, nodes, and cluster configurations to meet production-grade security standards
• Conduct in-depth security reviews of infrastructure using IaC practices (Terraform, Helm, GitOps)
• Implement and automate security enforcement via scripts, policies, and tooling (e.g., OPA, Kyverno, admission controllers)
• Perform architecture and design reviews with a focus on least privilege, defense-in-depth, and attack surface reduction
• Advance platform security monitoring through logging, alerting, and SIEM integrations
• Build automation (Bash, Python, Go) to scale security operations and reduce manual effort
• Apply AI/ML techniques to detect anomalous behavior, zero-day threats, and advanced attack patterns
• Leverage AI-driven tools for policy generation, risk scoring, and remediation prioritization
• Develop approaches to identify configuration drift and misconfigurations across Kubernetes and IaC environments

Security and Operations Management

• Lead and evolve incident response processes; act as a primary escalation point when needed
• Conduct blameless post-mortems and ensure timely remediation of security gaps
• Own vulnerability management across platform, cloud, and application layers
• Strengthen security posture through baseline standardization and operational readiness
• Oversee secrets management, encryption strategies, and access control policies

Team Culture & Cross-Functional Collaboration

• Champion a "Security as Code" mindset and promote shared ownership through Security Champions programs
• Balance startup speed with scalable, long-term security practices
• Partner closely with engineering teams to embed security into development workflows (DevSecOps)
• Collaborate with SRE on platform hardening, incident response, and reliability improvements
• Clearly communicate security risks and posture to technical and executive stakeholders

Minimum Qualifications

• 6+ years of experience in Software Security, Product Security, or DevSecOps
• 2+ years in a technical leadership or mentorship role
• Deep, hands-on expertise in Kubernetes security and cloud-native systems
• Strong experience securing Linux, containers, and cloud platforms (AWS, GCP, or Azure)
• Proven track record managing real-world security incidents in production environments
• Strong programming/scripting skills (Go, Python, Bash, or similar)
• Solid understanding of compliance frameworks (FIPS, CIS, STIG) and their practical application
• Hands-on experience with image hardening and secure system configurations
• Experience driving penetration testing programs and managing external vendors

Preferred Qualifications

• Experience building or scaling DevSecOps programs in a startup environment
• Familiarity with tools such as Falco, Tenable, Elastic, Trivy
• Knowledge of service meshes, network policies, and runtime security
• Strong background in threat modeling and secure system design
• Relevant certifications (CKS, CISSP, CCSP, GSEC, etc.)

What We Offer

• Compensation: $185,000 (Base + Bonus) + Equity, based on experience
• Benefits: Comprehensive medical, dental, and vision coverage. 100% coverage for employees, 90% for dependents
• Retirement: Access to a retirement savings plan
• Time Off: Flexible time off, including 12 paid holidays
• Perks: Catered lunches on in-office days, mobile/internet reimbursement

Location: This position is based at the HQ office in San Jose, with an onsite requirement of three days per week. Visa Support: Applicants are required to be eligible to lawfully work in the country of work; we are unable to provide sponsorship for this opportunity.

The Hiring Process

At Spectro Cloud, we highly value your time and dedication throughout the hiring process. Therefore, we aim to ensure that our interactions are efficient and focused on delivering value.

Our interview process for this role typically comprises of three stages:

• Interview Round 1: Kubernetes Baseline Gate (Mandatory) Candidates must demonstrate deep expertise with one of the following:
• Active CISSP and CKA / CKAD / CKS certification
• Demonstrable hands-on Kubernetes/platform with product security experience (Proof is required during application)
• Interview Round 2: Directed Product Self-Learning Candidates are given a curated documentation reading list (docs.spectrocloud.com) to filter for motivation, learning agility, and the ability to absorb platform knowledge, mirroring real-world expectations. Product Security interviews will be conducted with these learned topics from the above site.
• Interview Round 3: Technical Assessment Candidates must demonstrate expertise in the below topics:
• Platform Architecture, Applied Kubernetes Fundamentals, Day-2 Operations, Security, Troubleshooting
• Candidates must assume engineering is unavailable and solve security issues independently