We9re looking to expand our Cloud Infrastructure team with a Senior Infrastructure Engineer, Cloud Security to lead the security-facing evolution of our platform. We run hundreds of services in production, which enable us to process billions of transactions, consume multiple terabytes of data, and produce millions of logs per day - and our cloud security posture needs to evolve to match that scale. In this role, you will own the security posture of our cloud infrastructure while continuing to contribute to the day-to-day engineering work of the team. This includes: - Evolving our AWS account strategy, VPC design, and workload segmentation as our infrastructure footprint grows - Owning our firewalls, and edge security strategy across our cloud footprint - Enhancing our IaC security scanning, Terraform module governance, and pipeline security for our infrastructure deployments - Owning and evolving our vulnerability management, misconfiguration detection, and SIEM strategy - Setting the security bar for our AI products and AI-adjacent developer tooling, in partnership with product, InfoSec, and IT - Contributing to day-to-day Cloud Infrastructure work alongside your security specialty - Terraform reviews, platform backlog, on-call rotation You9ll join the Cloud Infrastructure team and partner with our InfoSec Program Manager and additional internal support teams to drive this work. We support millions of people to improve their financial lives, and this role ensures we can continue to do so securely and at scale. ABOUT YOU - You have 6+ years of hands-on cloud engineering experience, with substantial time spent on cloud security in production - IAM, network architecture, blast-radius reduction, and vulnerability management - You write production Terraform fluently and have experience authoring custom IaC security scanning rules, pinning module versions, and hardening CI/CD pipelines - You have deep experience in at least one major cloud (AWS preferred, GCP acceptable), including account strategy, network design, and least-privilege IAM - You treat detection as a product and have experience consolidating vulnerability and misconfiguration programs where tooling produced more noise than signal - You have evaluated SIEM approaches - vendor-hosted, self-operated, or hybrid - and can make a principled choice for a given organization9s scale and risk tolerance - You believe that secure defaults and paved roads are more effective than gates and approvals; low-friction compliance is the goal - You understand the security implications of LLMs, agents, and AI-enabled developer tooling, and can set a reasonable bar for their safe adoption - You work well on a collaborative Cloud Infrastructure team and partner effectively with InfoSec, IT, and parent-company security functions Bonus Points - You have led a cloud security migration or modernization project where you defined the vision, approach, and delivered the implementation. - You have built or open-sourced internal security tooling, libraries, or scanning rules that improved how teams work with cloud infrastructure. - You have experience translating compliance frameworks (SOC 2, PCI-DSS, or GLBA) into engineering controls without creating friction for development teams. - You have hands-on experience securing production AI or ML systems - including prompt injection defenses, agent sandboxing, or model supply chain risk. WE OFFER - Health, Dental & Vision Plans - Competitive Pay - 401k Matching - Unlimited PTO - Lunch daily (in-office only) - Snacks & Coffee (in-office only) - Commuter benefits (in-office only) Additional information: Salary range of $150,000 - $185,000/year + bonus + benefits. Base pay offered may vary depending on job-related knowledge, skills, and experience.