You9ll own cloud and infrastructure security at a company where tenant isolation is a critical enterprise requirement. Mercor9s customers - including frontier AI labs - need hard guarantees that their data stays within strict boundaries. This is not a compliance checkbox role. You9ll architect multi-account AWS isolation, harden Kubernetes clusters, deploy cloud security posture management, and build the infrastructure that lets Mercor serve enterprise clients who demand the highest security bar. We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate infrastructure review and policy authoring, and automating away the repetitive work that slows infrastructure security down. If you9d rather write a Terraform module than fill out a spreadsheet, you9ll fit in here. We9re in-person five days a week at our SF headquarters, with first Fridays remote. **What You9ll Build:** - Multi-account AWS tenant isolation architecture - dedicated accounts, SCPs, network boundaries, and data segregation for enterprise clients - Cloud security posture management using Wiz CSPM - continuous monitoring, misconfiguration detection, and automated remediation - Kubernetes security hardening - pod security standards, network policies, secrets management, and runtime protection - Infrastructure-as-code security guardrails - Terraform/CloudFormation policies that prevent insecure deployments before they reach production - IAM architecture and least-privilege access controls across AWS, Snowflake, and internal services - Incident response infrastructure - logging pipelines, forensic readiness, and blast radius containment **What We9re Looking For** - Deep AWS security expertise - you9ve architected multi-account strategies, written SCPs, and hardened production environments - Experience with Kubernetes security in production - not just tutorials, you9ve secured real clusters running real workloads - Strong infrastructure-as-code skills - Terraform, CloudFormation, or Pulumi - you think in code, not console clicks - Experience with CSPM/CNAPP platforms (Wiz, Prisma Cloud, or similar) - deploying, tuning, and driving remediation - Understanding of network security at the cloud level - VPCs, security groups, transit gateways, PrivateLink - You9ve designed tenant isolation for multi-tenant SaaS - data segregation, compute isolation, network boundaries - 5+ years of professional experience in cloud security, infrastructure security, or platform/SRE engineering with a strong security focus **Bonus Points** - Experience with Snowflake security - schema-level isolation, access controls, data sharing governance - Familiarity with container runtime security (Falco, SentinelOne Cloud Workload Protection, or similar) - Offensive cloud security skills - you9ve exploited misconfigurations and understand the attacker9s perspective - Experience building compliance-ready infrastructure (SOC 2, ISO 27001, FedRAMP) - You9ve handled cloud security incidents - forensics, containment, and root cause analysis in AWS - Contributions to open source infrastructure security tools **Why Mercor** - The deliverable is concrete. Enterprise clients require tenant isolation as a baseline. You9ll build infrastructure that directly enables the business. - AI-native infrastructure security. You9ll use frontier AI tools daily - for policy authoring, misconfiguration analysis, and anything that benefits from an AI co-pilot. - Ownership from day one. You9ll own the entire cloud security domain - from AWS architecture to Kubernetes hardening to CSPM operations. - See the future early. Working alongside AI labs means you9ll understand frontier model capabilities months before the market.