AI Platform Security Engineer
Listed on 2026-07-04
IT/Tech
Cybersecurity, Cloud Computing: Infrastructure & Operations
Kai is the AI company rebuilding cybersecurity for the machine-speed era. Founded by second-time founders and trusted by Fortune 500 enterprises, Kai is building a future where security has no categories, no silos, and no human-speed bottlenecks.
The Kai Agentic Platform replaces fragmented, human-limited workflows with agentic AI systems that continuously contextualize, assess, reason, and execute security work at the speed of thought, making human defenders superhuman.
We’re looking for an AI Platform Security Engineer to drive the security of the Azure infrastructure that powers the Kai AI-native cybersecurity product.
This role centers on the security of the cloud foundation, data platform, AI/ML infrastructure, and internal developer platform that the product depends on.
This is a deeply technical, infrastructure-focused role.
You’ll work closely with Platform Engineering, DevOps, Data Engineering, and AI/MLOps teams to ensure that the systems, pipelines, and environments underpinning our product are designed, built, and operated securely.
- Generous compensation: We offer highly competitive salaries, equity options, and a supportive work environment. Your contributions will be valued and rewarded as we grow together.
- Own the end-to-end security infrastructure architecture of our Azure environment, including landing zone design, management group and subscription structure, network topology, and resource governance.
- Enforce and continuously improve guardrails using Azure Policy, cloud security posture management (CSPM), and infrastructure-as-code (IaC) security scanning (Checkov, tfsec, or equivalent).
- Manage and mature the Azure network security model: hub-and-spoke topology, NSG and Azure Firewall rule governance, Private Endpoints, and DDoS protection controls.
- Lead cloud infrastructure security posture reviews, drive down misconfigurations, and own the organization’s Secure Score improvement roadmap.
- Maintain and harden Azure landing zones, ensuring new workloads are provisioned into a secure-by-default environment.
- Drive the organization’s cloud identity and access management strategy, including Entra t configuration, Privileged Identity Management (PIM), Conditional Access policies, and workload identity (managed identities, federated credentials, service principals).
- Enforce least-privilege IAM across all Azure subscriptions and resources; conduct regular access reviews and entitlement hygiene campaigns.
- Architect and operate the enterprise secrets management program using Azure Key Vault with HSM-backed keys, including key rotation automation, certificate lifecycle management, and developer-facing secrets injection patterns.
- Define and enforce policies for human and non-human identities across CI/CD systems, internal tooling, and AI/ML workloads.
- Secure the Azure Kubernetes Service (AKS) platform: cluster hardening, node pool configuration, admission control (OPA/Gatekeeper, Kyverno), runtime security, and network policy enforcement.
- Own container security standards: base image governance, image signing and provenance (Notary, Cosign), container registry security (Azure Container Registry), and vulnerability scanning integration in the build pipeline.
- Maintain and improve Pod Security Standards, workload identity binding (Azure Workload Identity), and namespace-level security isolation.
- Collaborate with Platform Engineering on the internal developer platform (IDP) to ensure that developer self-service pathways are built with security guardrails as first-class controls.
- Secure the data and AI/ML infrastructure layer.
- Define and enforce data security controls including storage encryption (CMK), data classification enforcement, network isolation for data services, and access boundary policies between training, staging, and production AI environments.
- Establish security controls for AI/ML pipelines: training data provenance and integrity, model artifact signing, inference endpoint hardening, and isolation of multi-tenant AI workloads.
- Work with Data Engineering and MLOps teams to ensure AI infrastructure changes go through security review and that data access patterns are auditable and compliant.
- Own the cloud-native detection and monitoring stack
- Develop and maintain detection rules and analytic content tuned to cloud infrastructure and AI platform threats (e.g., credential abuse, lateral movement, data exfiltration from AI workloads).
- Lead the infrastructure vulnerability management program: agent-based and agentless scanning across Azure VMs, AKS nodes, and container images; SLA-based remediation tracking; and patch compliance reporting.
- Own cloud incident response runbooks for infrastructure-layer security events and serve as the technical lead for cloud-scoped security incidents.
- Build…