Staff Infrastructure Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Crusoe · 2 hours ago

Staff Infrastructure Security Engineer

positionDenver Metropolitan Area
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
date6+ years exp

Crusoe is focused on accelerating the abundance of energy and intelligence through sustainable technology. They are seeking a highly skilled Staff Infrastructure Security Engineer to architect and operationalize foundational security services, driving the enterprise HashiCorp Vault platform from Proof-of-Concept to global production readiness while evolving the credentials management strategy across a hybrid multi-cloud environment.

AI InfrastructureArtificial Intelligence (AI)Data CenterEnergyEnergy ManagementOil and Gas
check
H1B Sponsor Likelynote

Responsibilities

Strategic Architecture & Governance
Zero Trust Architecture: Architect a highly available, disaster-resilient, and scalable multi-cluster secrets management platform that serves as the foundation for the organization’s Zero Trust strategy
Technical Leadership: Drive consensus across Cloud Engineering, DevOps, and SRE teams to define standardized secret management workflows and integrate security patterns into the SDLC
Compliance & Governance: Ensure the platform design meets rigorous internal policies and external compliance frameworks (e.g., SOX, ISO 27001)
Policy as Code: Design and implement advanced governance controls, including Sentinel Policy as Code, to automate security guardrails and access decisions
Platform Engineering & Implementation
Infrastructure as Code (IaC): Lead the engineering of the Vault infrastructure using Terraform, ensuring all deployments are reproducible, version-controlled, and automated
Identity Integration: Architect the integration between the secrets platform, Identity Providers (Okta), and workload identities (Kubernetes Service Accounts) to establish robust machine-to-machine authentication
Advanced Secrets Capabilities: Configure and tune essential secrets engines (KV, Transit, KMIP) and Enterprise features (Performance Replication, Seal automation) to support diverse engineering use cases
Operational Excellence & Developer Enablement
Vault as a Service (VaaS): Operationalize the platform by building self-service mechanisms, distinct "paved road" onboarding procedures, and documentation that allows engineering teams to easily consume security services
Observability: Implement comprehensive monitoring, alerting, and audit logging to ensure platform health, provide visibility into usage patterns, and satisfy audit requirements
Lifecycle Management: Own the full operational lifecycle of the production environment, including patching, version upgrades, backup/restore procedures, and incident response runbooks

Qualification

HashiCorp VaultSecrets ManagementInfrastructure as CodeGoogle Cloud PlatformKubernetesCryptographyCompliance & GovernanceOperational ExcellenceNetwork SecurityProgramming (Go/Python)Technical Leadership

Required

6+ years (or equivalent) hands-on experience in cloud security, DevOps, or infrastructure engineering
Deep expertise and proven track record deploying and managing HashiCorp Vault in an enterprise environment
Expert-level knowledge of Secrets Management, X.509 PKI (Public Key Infrastructure), Certificate Authority Operations, and Cryptography concepts
Strong experience with Google Cloud Platform (GCP) and cloud native identity and access management (IAM)
Proficiency with Infrastructure as Code (IaC) tools, especially Terraform, for automating the deployment and configuration of Vault and its dependent infrastructure
Fluent in at least one programming language (ideally Go or Python)
Demonstrable experience with Kubernetes and container security principles, especially integrating secrets into microservices architectures
Strong understanding of network security concepts (IP addressing, IP routing, firewalls, segmentation, Zero Trust)

Preferred

Experience with the Enterprise edition of HashiCorp Vault

Benefits

Industry competitive pay
Restricted Stock Units in a fast growing, well-funded technology company
Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
Employer contributions to HSA accounts
Paid Parental Leave
Paid life insurance, short-term and long-term disability
Teladoc
401(k) with a 100% match up to 4% of salary
Generous paid time off and holiday schedule
Cell phone reimbursement
Tuition reimbursement
Subscription to the Calm app
MetLife Legal
Company paid commuter benefit; $300 per month

Company

Crusoe

twittertwittertwitter
company-logo
Crusoe is a vertically integrated AI infrastructure company that builds and operates data centers powered by energy sources.
dateFounded in 2018
location
Denver, Colorado, USA
people-size1001-5000 employees
web-link
https://crusoe.ai

H1B Sponsorship

Crusoe has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (69)
2024 (14)
2023 (2)
2022 (1)
2021 (1)

Funding

Current Stage
Late Stage
Total Funding
$3.9B
Key Investors
Mubadala Capital,Valor Equity PartnersVictory Park CapitalBrookfield Asset Management
2025-12-19Secondary Market
2025-10-23Series E· $1.4B
2025-08-25Debt Financing· $175M

Leadership Team

leader-logo
Chase Lochmiller
Co-Founder and Chief Executive Officer
linkedin
leader-logo
Cully Cavness
Co-Founder, President and Chief Strategy Officer
linkedin

Recent News

semafor.com
Exclusive / Crusoe launches cloud product to take on hyperscalers
2026-02-07
PitchBook
AI and a new scale of startups took US venture debt funding to another record
2026-02-02
GlobeNewswire
Crusoe Appoints Nader Pakfar, founder of SPC LLP, as General Counsel, Real Estate
2026-01-22
Company data provided by crunchbase