Security Engineer, Cloud Infrastructure

You’ll own cloud and infrastructure security at a company where tenant isolation is a critical enterprise requirement. Mercor's customers - including frontier AI labs - need hard guarantees that their data stays within strict boundaries. This is not a compliance checkbox role. You’ll architect multi‑account AWS isolation, harden Kubernetes clusters, deploy cloud security posture management, and build the infrastructure that lets Mercor serve enterprise clients who demand the highest security bar.

We use AI heavily in our own security work. You should be comfortable building alongside AI code‑gen tools, using LLMs to accelerate infrastructure review and policy authoring, and automating away the repetitive work that slows infrastructure security down. If you’d rather write a Terraform module than fill out a spreadsheet, you’ll fit in here.

We’re in‑person five days a week at our SF headquarters, with first Fridays remote.

• Multi‑account AWS tenant isolation architecture – dedicated accounts, SCPs, network boundaries, and data segregation for enterprise clients
• Cloud security posture management using Wiz CSPM – continuous monitoring, misconfiguration detection, and automated remediation
• Kubernetes security hardening – pod security standards, network policies, secrets management, and runtime protection
• Infrastructure‑as‑code security guardrails – Terraform/Cloud Formation policies that prevent insecure deployments before they reach production
• IAM architecture and least‑privilege access controls across AWS, Snowflake, and internal services
• Incident response infrastructure – logging pipelines, forensic readiness, and blast radius containment

• Deep AWS security expertise – you’ve architected multi‑account strategies, written SCPs, and hardened production environments
• Experience with Kubernetes security in production – not just tutorials, you’ve secured real clusters running real workloads
• Strong infrastructure‑as‑code skills – Terraform, Cloud Formation, or Pulumi – you think in code, not console clicks
• Experience with CSPM/CNAPP platforms (Wiz, Prisma Cloud, or similar) – deploying, tuning, and driving remediation
• Understanding of network security at the cloud level – VPCs, security groups, transit gateways, Private Link
• You’ve designed tenant isolation for multi‑tenant SaaS – data segregation, compute isolation, network boundaries
• 5+ years of professional experience in cloud security, infrastructure security, or platform/SRE engineering with a strong security focus

• Experience with Snowflake security – schema‑level isolation, access controls, data sharing governance
• Familiarity with container runtime security (Falco, Sentinel One Cloud Workload Protection, or similar)
• Offensive cloud security skills – you’ve exploited misconfigurations and understand the attacker’s perspective
• Experience building compliance‑ready infrastructure (SOC 2, ISO 27001, FedRAMP)
• You’ve handled cloud security incidents – forensics, containment, and root cause analysis in AWS
• Contributions to open‑source infrastructure security tools

• The deliverable is concrete. Enterprise clients require tenant isolation as a baseline. You’ll build infrastructure that directly enables the business.
• AI‑native infrastructure security. You’ll use frontier AI tools daily – for policy authoring, misconfiguration analysis, and anything that benefits from an AI co‑pilot.
• Ownership from day one. You’ll own the entire cloud security domain – from AWS architecture to Kubernetes hardening to CSPM operations.
• See the future early. Working alongside AI labs means you’ll understand frontier model capabilities months before the market.