Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world’s most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.
We’re in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We’re solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.
We’re looking for problem‑solving, opportunity‑finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.
If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high‑performing team that believes in each other, come build with us at Crusoe.
About This RoleAs the Principal Infrastructure Security Engineer, you will serve as the visionary lead for securing Crusoe’s next‑generation AI cloud infrastructure. This is a role for an industry‑recognised security expert who has operated at hyperscale and understands how to systematically dismantle infrastructure risk. You are stepping in at a critical evolutionary phase: leading the architectural shift to a true zero‑trust, identity‑first fabric.
In this position, you will bridge the gap between hardware roots‑of‑trust and the cloud control plane. You will tackle complex challenges across the entire stack, from hardware‑level supply chain vulnerabilities and BMC hardening to securing public build environments and implementing cryptographically attested workload identities. You aren’t just securing a cloud; you are defining the security standard for the age of generative AI infrastructure while directly driving our enterprise security roadmap.
WhatYou’ll Be Working On
Platform Security Services: Lead the architectural transition to a zero‑trust network by driving the adoption of Workload Identity (SPIRE/SPIFFE) and enforcing mutual TLS (mTLS) with encryption, authorization policy enforcement across all service‑to‑service communications.
Eradicating Static Credentials: Architect and deploy Just‑in‑Time (JIT) access models, ephemeral credentials (PAM), and granular machine identities to systematically eliminate static credentials and API keys across the infrastructure.
Full‑Stack Supply Chain Security: Architect and enforce security controls across the entire supply chain spectrum: from firmware and bare‑metal (hardening BMC administration and establishing verifiable roots‑of‑trust) up through the hypervisor, VM layer, cloud control plane, and CI/CD build environments (Git Lab).
Enterprise Data Security & Secrets Management: Drive the technical delivery of highly requested enterprise trust features, including Customer‑Managed Encryption Keys (CMEK) and an internal Secrets‑as‑a‑Service platform (Vault‑aaS).
Runtime Integrity & Advanced Threat Defense: Lead the deployment of host‑level controls using eBPF and Falco‑class tooling for kernel lockdown, audit expansion, and immutable logging to detect and prevent threats in real‑time.
Network & Hardware Isolation: Guide the security architecture for SDN 2.0 (OVN sharding per tenant), secure VPC peering, and private connectivity (IPsec VPN, VPC Interface Endpoints) to ensure rigorous tenant isolation without an AI workload performance tax.
Executive Advisory & Prioritization: Act as a trusted advisor to leadership, synthesising ambiguous systemic signals—from endpoint and SaaS risks to deep infrastructure vulnerabilities—into clear engineering action plans and RFCs.
Hyperscale Provenance: 12+ years of experience in infrastructure security, security architecture, or production engineering, with significant tenure at a major cloud provider (e.g., AWS, GCP, Azure) or specialised…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: