SUMMARYWe are seeking an Infrastructure as Code (IaC) Security Engineer to design, build, and maintain secure, scalable, and automated infrastructure solutions that underpin our AI security development platform. This role is responsible for owning the IaC layer across our container and orchestration stack-including EKS, Docker, and Helm-ensuring that all infrastructure is provisioned securely, repeatably, and in compliance with security best practices. The ideal candidate will embed security into every phase of infrastructure automation, from Terraform modules to CI/CD pipelines, enabling the AI security team to deliver rapidly without compromising the integrity of our environments.
Key Responsibilities
- Design, implement, and maintain secure Infrastructure as Code solutions for cloud and containerized environments supporting AI security workloads.
- Own and manage EKS clusters, including node group configurations, networking policies, RBAC, and pod security standards to support secure AI model development and deployment.
- Develop and maintain hardened Terraform modules, configurations, and reusable infrastructure patterns with built-in security controls (e.g., least-privilege IAM, encryption-at-rest, network segmentation).
- Build and manage Docker images and Helm charts with security-first principles-image scanning, minimal base images, secrets management, and signed artifacts.
- Integrate security guardrails into CI/CD pipelines, including automated policy checks (e.g.,
- OPA/Gatekeeper, Checkov, tfsec) for infrastructure deployments.
- Automate environment provisioning, scaling, configuration, and release processes with a focus on immutable infrastructure and drift detection.
- Collaborate with AI security engineers, platform teams, and DevSecOps to ensure infrastructure supports threat modeling, vulnerability management, and incident response requirements.
- Troubleshoot and remediate infrastructure security issues across Kubernetes, Terraform, CI/CD, and container platforms.
- Enforce infrastructure compliance with organizational security policies, regulatory frameworks (e.g., NIST, CIS Benchmarks), and operational best practices.
- Document secure infrastructure patterns, deployment runbooks, and automation workflows for the AI security development team.
Requirements- Bachelor's degree preferred and/or equivalent relevant experience considered.
- Strong hands-on experience designing and implementing secure Infrastructure as Code solutions in cloud and containerized environments.
- Deep production experience managing Kubernetes, including EKS cluster administration, networking, RBAC, and workload security.
- Strong experience with Terraform, including development of reusable modules and secure infrastructure provisioning patterns.
- Hands-on experience building and managing Docker images and Helm charts for containerized deployments.
- Experience integrating infrastructure automation into CI/CD pipelines with automated validation and deployment workflows.
- Strong understanding of infrastructure security best practices, including IAM, encryption, secrets management, and network segmentation.
- Experience troubleshooting and remediating issues across Kubernetes, Terraform, containers, and deployment pipelines.
- Ability to collaborate effectively with engineering, platform, and DevSecOps teams in a fast-paced environment.
Preferred Qualifications
- Experience supporting AI, ML, or security-focused platform workloads in Kubernetes-based environments.
- Experience with AWS and cloud-native services related to container orchestration, networking, and infrastructure automation.
- Familiarity with infrastructure security and policy enforcement tools such as OPA/Gatekeeper, Checkov, tfsec, or similar solutions.
- Knowledge of compliance and security frameworks such as NIST, CIS Benchmarks, or related infrastructure governance standards.
