Staff Network Security Engineer

Fluidstack is building the infrastructure for abundant intelligence, partnering with top AI labs and enterprises to unlock compute at the speed of light. The Staff Network Security Engineer will lead the security strategy for their cloud platform, focusing on network perimeter protection, DDoS resilience, and implementing a Zero-Trust model.

Responsibilities:

• Architect and deploy resilient protections at the network edge —including perimeter firewalls, proxy layers, WAFs, and CDN-based controls—to shield Fluidstack’s globally distributed footprint
• Create and maintain sophisticated DDoS-defense programs that preserve uptime
• Continuously analyze traffic, fine-tune safeguards such as rate-limiting and traffic filtering, and react decisively to volumetric spikes or atypical patterns
• Lead the rollout of a Zero-Trust model across Fluidstack’s cloud and network domains
• Engineer solutions that enforce least-privilege, continuous verification, and service micro-segmentation, eliminating implicit trust at every tier
• Stand up comprehensive network-security monitoring to surface threats early
• Detect indicators of compromise, hunt for vulnerabilities, and orchestrate rapid incident-response actions to limit blast radius
• Collaborate closely with Networking, Infrastructure, SRE/DevOps, and Software Engineering to embed security best practices into designs, deployments, and pipelines
• Offer expert input during architecture and code reviews to guarantee security-by-design
• Champion security initiatives and cultivate a security-first culture
• Coach junior engineers and peer teams on network-security fundamentals, deliver training, and model strict adherence to policies and standards
• Author, refine, and enforce security policies and SOPs suited to a highly scalable, distributed environment
• Periodically reassess network and cloud-security posture, ensuring alignment with industry benchmarks as the company scales

Requirements:

• 5 + years in hands-on network-security engineering, protecting large-scale cloud or hyperscale environments and complex distributed systems
• Deep expertise in edge-protection technologies - DDoS mitigation, web-exploit defense, and Zero-Trust implementations
• Strong conceptual and practical command of modern cloud and network security
• Proficient in protocols (TCP/IP, DNS, BGP, HTTP/S), segmentation, VPNs, and firewall tuning; experienced securing AWS, GCP, Azure, or bespoke hyperscale and containerized platforms
• Demonstrated ability to own security programs end-to-end, mentor engineers, and instill a security-centric mindset across varied teams
• Excellent at partnering with Networking, Infrastructure, DevOps/SRE, and Software groups to craft security solutions that protect critical assets while empowering the business
• Skilled in crafting and evaluating security controls for massively scalable systems, and familiar with frameworks such as NIST, ISO 27001, and SOC 2 in cloud contexts
• Experience inside a top-tier cloud provider or hyperscale setting (FAANG-class or similar) and familiarity with unique security challenges at extreme scale
• Acquainted with enterprise-grade DDoS and web-application-security platforms - Cloudflare, AWS Shield, Akamai, Arbor, F5, etc. - and adept at tuning WAF rules and traffic-scrubbing tactics
• Hands-on design of Zero-Trust networks, including IAM, SSO, MFA, and NAC solutions
• Comfortable scripting or coding (Python, Go, etc.) to automate security workflows, integrate tools, and secure IaC and CI/CD pipelines
• Credentials such as CISSP, CCSP, GIAC (GSEC, GCIH, …), or cloud-security specialties (AWS/Azure) that attest to a solid security foundation
• Active in the security community or open-source projects, with current knowledge of emerging threats, vulnerabilities, and defenses in network and cloud security