Rocket Money is seeking a Senior Infrastructure Engineer specializing in Cloud Security to enhance the security posture of their cloud infrastructure. The role involves managing cloud security strategies, contributing to engineering work, and collaborating with internal teams to ensure secure operations at scale.
Responsibilities:
- Evolving our AWS account strategy, VPC design, and workload segmentation as our infrastructure footprint grows
- Owning our firewalls, and edge security strategy across our cloud footprint
- Enhancing our IaC security scanning, Terraform module governance, and pipeline security for our infrastructure deployments
- Owning and evolving our vulnerability management, misconfiguration detection, and SIEM strategy
- Setting the security bar for our AI products and AI-adjacent developer tooling, in partnership with product, InfoSec, and IT
- Contributing to day-to-day Cloud Infrastructure work alongside your security specialty — Terraform reviews, platform backlog, on-call rotation
Requirements:
- You have 6+ years of hands-on cloud engineering experience, with substantial time spent on cloud security in production — IAM, network architecture, blast-radius reduction, and vulnerability management
- You write production Terraform fluently and have experience authoring custom IaC security scanning rules, pinning module versions, and hardening CI/CD pipelines
- You have deep experience in at least one major cloud (AWS preferred, GCP acceptable), including account strategy, network design, and least-privilege IAM
- You treat detection as a product and have experience consolidating vulnerability and misconfiguration programs where tooling produced more noise than signal
- You have evaluated SIEM approaches — vendor-hosted, self-operated, or hybrid — and can make a principled choice for a given organization's scale and risk tolerance
- You believe that secure defaults and paved roads are more effective than gates and approvals; low-friction compliance is the goal
- You understand the security implications of LLMs, agents, and AI-enabled developer tooling, and can set a reasonable bar for their safe adoption
- You work well on a collaborative Cloud Infrastructure team and partner effectively with InfoSec, IT, and parent-company security functions
- You have led a cloud security migration or modernization project where you defined the vision, approach, and delivered the implementation
- You have built or open-sourced internal security tooling, libraries, or scanning rules that improved how teams work with cloud infrastructure
- You have experience translating compliance frameworks (SOC 2, PCI-DSS, or GLBA) into engineering controls without creating friction for development teams
- You have hands-on experience securing production AI or ML systems — including prompt injection defenses, agent sandboxing, or model supply chain risk