×
Register Here to Apply for Jobs or Post Jobs. X

Network Security Engineer

Job in San Jose, Santa Clara County, California, 95199, USA
Listing for: Etched.ai, Inc.
Full Time position
Listed on 2026-06-30
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 120000 - 150000 USD Yearly USD 120000.00 150000.00 YEAR
Job Description & How to Apply Below

About Etched

Etched is building hardware for frontier intelligence. We co-design chips, racks, software, and manufacturing to deliver best-in-class throughput and latency across both prefill and decode workloads. Our first products are heavily focused on inference. Backed by hundreds of millions from top-tier investors and staffed by leading engineers, Etched is redefining the infrastructure layer for the fastest growing industry in history.

Job Summary

Etched's infrastructure spans some of the most sensitive compute environments in the industry: bare-metal HPC clusters running proprietary ASIC workloads, hybrid on-prem/cloud deployments, and internal tool chains that house irreplaceable chip design IP. As we scale from early silicon to production, securing these environments is foundational — not an afterthought.

As our first dedicated Network Security Engineer, you will own the design and implementation of Etched's network security posture end to end. You'll work alongside the infrastructure team to harden our physical and virtual networks, enforce least-privilege access to chip design environments, and build the detection and response capabilities that keep our most sensitive assets safe.

This is a high-ownership role for someone who wants to shape security architecture at a company building the compute infrastructure for the next decade of AI — not maintain someone else's stack.

Key Responsibilities
  • Design and implement a zero-trust network architecture across on-prem datacenters, multiple office locations, and multi-cloud platforms, including secure remote access that eliminates VPN sprawl without sacrificing engineer usability and speed
  • Define and enforce network segmentation policies that isolate sensitive ASIC development workflows from general infrastructure, customer access, validation labs, and manufacturing infrastructure
  • Balancing prevention and detection, deploy, tune, and operate NDR, IDS/IPS, and next-generation firewalls across our physical and virtual network fabric; build automation to continuously assess and enforce firewall rules, ACLs, and routing policies - treating network security configuration as code
  • Integrate and operate EDR/XDR, MDM/MAM, SASE, and CASB tooling in partnership with end-user and IT teams, enforcing unified DLP policies and device compliance posture across endpoint, cloud, and network control planes to eliminate data exfiltration risk
  • Own our vulnerability management process for network-layer exposure: scanning, prioritization, and remediation tracking in partnership with infrastructure engineers
  • Lead incident response for network-layer security events: detection, containment, root-cause analysis, and post-incident hardening
  • Partner with legal, compliance, and leadership to support regulatory requirements and customer security reviews as they arise
  • Architect and deploy network segmentation for our HPC clusters, isolating EDA tool traffic, ASIC simulation workloads, and CI pipelines from each other and from the corporate network
  • Architect and deploy a ZTNA-based corporate network that eliminates VPN sprawl and ensures end-user devices maintain a consistent security posture and seamless access to sensitive development environments - whether engineers are on-site, remote, or traveling - replacing location-dependent trust with continuous identity and device health verification
  • Design and implement a scalable NDR pipeline that ingests flow data across bare-metal switches and cloud VPCs, feeds a centralized SIEM, and generates actionable alerts with low false-positive rates
  • Develop runbooks and automated playbooks for the highest-probability incident scenarios - credential compromise, lateral movement, and exfiltration from IP-sensitive environments
  • Integrate EDR/XDR telemetry with SASE enforcement and CASB inline controls to build a unified DLP detection and response pipeline spanning endpoints, cloud SaaS, and the corporate network
  • Partner with end-user and IT teams to roll out MDM/MAM policies that containerize sensitive IP on engineer devices and enforce compliance-based conditional access across managed and unmanaged environments
You may be a good fit if you have…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary