Infrastructure & Application Security Engineer

About Traversal Traversal is the AI Site Reliability Engineer (SRE) for the enterprise—already trusted by some of the largest companies in the world to troubleshoot, remediate, and even prevent the most complex production incidents. Our mission is to free engineers from endless firefighting and enable them to focus on creative, high-impact work. Our roots remain deeply embedded in AI research, and we’re channeling that scientific rigor and creativity into building the premier AI agent lab for the enterprise. Hence, what we’re proudest of is assembling the most talented yet nicest group of individuals, including researchers from MIT, Harvard, and Berkeley, to world‑class engineers from industry: Citadel Securities, Cockroach Labs, Datadog, DE Shaw, ServiceNow, Glean, Perplexity, Pinecone, and more, to take on one of the hardest problems for AI to solve. Without the entire team, none of this would be possible. The Role As an Infrastructure & Application Security Engineer at Traversal, you’ll help build our security program from the ground up by shipping real systems, controls, and tooling that engineers use every day. This is a zero-to-one, builder‑first role for someone who likes security, likes security and enjoys working across modern cloud infrastructure and backend systems, and wants to turn risk into working guardrails that are automated, measurable, and low‑friction. You’ll work at the intersection of Kubernetes security and platform primitives, service‑to‑service security (including Istio Ambient), and application security for Python APIs in a multi‑tenant SaaS environment. You’ll collaborate closely across engineering teams, with a focus on implementing and deploying mechanisms—not writing slide decks. Because this role will help shape security practices across the company, it also requires someone who can drive change beyond their own code: building consensus, influencing teams, improving workflows and processes, and communicating clearly enough to turn good security ideas into durable, organization‑wide ways of working. Responsibilities Kubernetes Security Guardrails: Architect and enforce baseline controls (RBAC, Pod Security, network policies). Draft the rollout strategy, exception workflows, and developer documentation to ensure cluster‑wide adoption. Service‑to‑Service Security: Implement Istio Ambient patterns for secure communication. Develop debuggable telemetry and “how‑to” guides to support app teams through incremental rollout phases. Application Security (Python APIs): Ship “paved‑road” FastAPI libraries and templates. Act as a technical consultant to evangelize secure authn/authz, input validation, and abuse protection patterns. Multi‑Tenant Isolation: Encode isolation invariants into runtime enforcement and automated detectors. Communicate technical isolation standards clearly to stakeholders during design and review cycles. Secrets Governance: Standardize storage and rotation across all workloads. Drive cross‑functional migration from legacy patterns to auditable, default‑safe consumption. Secure Delivery Pipelines: Build preventative GitOps and CI/CD controls. Provide actionable, jargon‑free security feedback directly within developer workflows to minimize friction. Threat Modeling & Strategy: Lead threat modeling for new features. Translate complex risks into technical specs and executive‑level summaries that influence the engineering roadmap. Operational Resilience: Convert incident lessons into durable guardrails. Lead blameless post‑mortems and communicate findings to improve the organization’s security culture. Requirements Production‑grade Kubernetes security experience , including RBAC, workload hardening, network policies/segmentation, and enforcement mechanisms (admission control and/or policy‑as‑code). Strong Python application security experience securing APIs and services, including robust authentication/authorization design and practical abuse prevention. Strong AWS security fundamentals (IAM, least privilege, encryption, segmentation) applied through deployable controls and repeatable patterns. Proven track record shipping automated guardrails —controls that enforce, emit metrics, and include pragmatic rollout/exception workflows that keep teams moving. High ownership and execution ability in a zero‑to‑one environment, with crisp written communication and strong risk judgment that preserves developer velocity. Generalist mindset: Comfortable moving across Kubernetes/platform layers, CI/CD, and Python services as needed to get the program built and adopted. Nice to Have Experience with service mesh security (Istio, including Ambient mode). Familiarity with multi‑tenant SaaS authorization models and tenant isolation guarantees. Experience building security developer platforms (paved roads, templates, internal libraries). Background in observability tooling (metrics/logs/traces) or production reliability engineering. Compensation We offer competitive compensation, startup equity, health insurance, and additional benefits. The U.S. base salary range for this full‑time, in‑person role in New York is $200,000 - $350,000, plus equity and benefits. Our salary ranges are based on location, level, and role. Individual compensation is determined by experience, skills, and job‑related knowledge. Why You Should Join Us We’ll make sure you’re fully supported with health insurance, a great tech setup, flexible time off, and plenty of in‑office snacks. We offer competitive salary and equity packages, and take thoughtful consideration with every hire on our small, high‑impact team. Traversal is fully in‑office, 5 days a week, based in New York near Madison Square Park. We have a collaborative, hard‑working culture and are energized by building the future of AI‑powered software maintenance. Working here means owning meaningful parts of the product, having the flexibility to move fast, and learning constantly. This is a place to grow your career, make a real impact, and help define a new category of infrastructure software. #J-18808-Ljbffr