Security Engineer

Staff Security Engineer

Topaz Labs is a product‑led company building professional‑grade software that uses deep learning to enhance image and video quality. Over 1 million photographers and designers trust us, including teams at Apple, Netflix, NASA, and Disney. We’ve processed over 1 billion images, achieved massive revenue growth, and are only getting started. We are a small, profitable team that values craftsmanship and impact over activity.

• Secure the Hybrid Infrastructure (AWS & colo). Owned by you: configure firewalls, manage physical network security, and harden Linux GPU clusters.
• Corporate & endpoint security. Own internal tools and devices, manage a macOS fleet via Jamf, and oversee identity management via Active Directory.
• Protect creative workflows without being obstructive.
• Hands‑on penetration testing of internal networks, office infrastructure, and AI applications to find vulnerabilities before external audits.
• Secure the AI supply chain. Design systems to protect model weights during training, storage and delivery, ensuring they are tamper‑proof and secure from theft or reverse engineering.

• Hands‑on generalist: comfortable configuring IAM policy in AWS as well as setting up a switch in a colocation rack or writing a script for Jamf.
• Craftsmanship mentality: build robust, elegant, secure systems by default. Don’t just patch holes; eliminate entire classes of vulnerabilities.
• Infrastructure native. Fluent in Linux internals, networking, and container orchestration. Understand security challenges of cloud, distributed, and HPC environments.
• Values truth over comfort. Willing to have hard conversations about risk and prioritize fixing root causes over band‑ages.
• Think like an attacker. Proactively probe our defenses (office, colo, cloud) to prove they work.

• 7+ years of experience in security engineering with a mix of infrastructure, corporate IT, and offensive security.
• Deep hands‑on experience with cloud security and compliance (AWS, IAM, VPC, SOC II, Vanta).
• Proven experience with endpoint management & identity: expert‑level knowledge of Jamf for macOS and Active Directory (or modern equivalents) for identity governance.
• Physical & network security: experience securing physical office networks and colocation facilities (firewalls, VPNs, switching).
• Offensive security: demonstrated ability to perform manual penetration testing (network and web app). Proficiency in scripting (Python/Bash) to automate security tasks.
• Bonus: experience securing on‑device software or desktop applications (Windows/macOS).

Do you meet most but not 100 % of the above? We still want to hear from you – we are passionate about developing a diverse team and culture, so please apply if you’re interested.

This is a unique role for someone looking to make a deep impact at a high‑growth tech software company. We offer a strong base salary, plus significant ownership that scales with the company's growth. 100 % covered medical/dental/vision for employees, 15 days annual PTO, 5 personal days plus holidays, and 401 k matching.

Full‑time onsite role in Dallas, TX. If you’re not currently in Dallas, relocation will be required.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

We are committed to equal opportunity employment and encourage applications from people of all backgrounds.