Scale AI, Inc

Staff Security Engineer

Job Description

Posted on: 
July 5, 2024

We are seeking a highly experienced Staff Security Engineer to assist our overall Security team at Scale. This senior role is crucial for ensuring the comprehensive security of our products, services, and infrastructure. You will leverage your extensive expertise in both application and infrastructure security to conduct in-depth code reviews, secure large cloud environments, orchestrate and secure compute clusters, and review infrastructure as code. Your ability to diagnose complex security issues, influence security strategies, and mentor team members will be pivotal in maintaining and enhancing our security posture.

Responsibilities

You will:

  • Conduct in-depth code reviews to identify and remediate security vulnerabilities.
  • Secure infrastructure across large cloud hosting providers (e.g., AWS, Azure, GCP).
  • Implement and maintain robust security configurations and policies for both cloud environments and Kubernetes-backed services.
  • Orchestrate and secure GPU clusters to ensure high performance and security.
  • Implement and maintain CI/CD pipelines with a strong focus on security.
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code.
  • Review and secure infrastructure as code (e.g., Terraform, CloudFormation).
  • Conduct regular security assessments and audits of both application and infrastructure components to identify vulnerabilities and areas for improvement.
  • Develop and enforce security best practices for infrastructure automation and orchestration.
  • Guide engineering teams to build robust long-term solutions that consider security and privacy.
  • Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
  • Influence the security strategy and direction of both the Product Security and Infrastructure Security teams, advocating for best practices and continuous improvement.
  • Educate and mentor team members on security best practices and emerging threats.

Job Requirements

Ideally, you’d have:

  • Proven experience as a Security Engineer with a focus on both product and infrastructure security.
  • Proficiency in NodeJS, TypeScript, and Kubernetes.
  • Strong understanding of modern Javascript application design.
  • Production experience with Kubernetes-backed services.
  • Hands-on experience with SAST and DAST tools and methodologies.
  • Proficiency in cloud security configurations and policies, as well as infrastructure as code tools such as Terraform and CloudFormation.
  • Experience with orchestrating and securing GPU clusters.
  • Exceptional problem-solving skills with the ability to diagnose and resolve complex security issues independently.
  • Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders.
  • Demonstrated ability to influence security strategies and drive improvements within an organization.
  • Relevant security certifications (e.g., CISSP, CEH, OSCP, AWS Certified Security Specialty, Certified Cloud Security Professional) are a plus.
  • Experience in a staff or principal security role is preferred.

Apply now

More job openings