Braintrust is the AI observability platform. They are seeking a hands-on Cloud Security Engineer to own the security posture of their multi-cloud infrastructure and customer-hosted data planes, working across AWS, Azure, and GCP to enhance security without slowing engineering down.
Responsibilities:
- Own the security architecture for our internal AWS environment and the customer-deployed stacks running in AWS, Azure, and GCP
- Write Terraform modules and policy code that make the secure path the default path for every team shipping infra
- Harden our Kubernetes footprint: admission controllers, network policies, workload identity, runtime detections, secrets handling
- Build and tune detections across cloud control planes, identity providers, and workload telemetry; own the alert pipeline end-to-end and keep signal-to-noise high
- Help run incident response when something fires, and turn every incident into durable controls and codified runbooks
- Help push cloud compliance initiatives
- Partner with customers in Slack on self-hosting, network architecture, key management, and tenancy questions
- Use agentic coding workflows to automate the repeatable parts of security work: control validation, evidence collection, drift detection, and IR triage
Requirements:
- 5+ years in cloud security, infrastructure security, or security engineering with a heavy hands-on bent — you ship code and configuration, not just policy
- Deep AWS expertise (IAM, VPC, KMS, GuardDuty, CloudTrail) and working fluency in at least one of Azure or GCP
- Strong Terraform skills and a track record of making security guardrails the default in IaC pipelines
- Production Kubernetes security experience: you've run admission controllers, debugged a cluster compromise, or written a network policy that mattered
- Proficient in modern backend technologies and comfortable writing real code in Python, TypeScript, or Go
- Production incident response experience; you've owned a real incident end-to-end and made the next one less painful
- Familiarity with one or more compliance regimes (SOC 2, ISO 27001, HIPAA, FedRAMP) and the discipline to make them work without becoming busywork
- Active user of agentic coding tools, with a clear point of view on how AI is changing security engineering — both offense and defense
- Bonus: experience securing self-hosted enterprise software, multi-tenant SaaS, or LLM-heavy workloads (data exfiltration via prompts, model proxy abuse, agent sandboxing)