← Back to list
Job

Cloud Security Engineer

Security Engineer • On-site • Full-time • 📍 San Francisco

Braintrust is looking for a hands-on Cloud Security Engineer to own the security posture of its multi-cloud infrastructure and customer-hosted data planes across AWS, Azure, and GCP, hardening Kubernetes and Terraform while using agentic coding tools to move at speed.

Responsibilities

  • Own the security architecture for the internal AWS environment and customer-deployed stacks on AWS, Azure, and GCP
  • Write Terraform modules and policy code that make the secure path the default for every team shipping infra
  • Harden the Kubernetes footprint: admission controllers, network policies, workload identity, runtime detections, secrets handling
  • Build and tune detections across cloud control planes, identity providers, and workload telemetry; own the alert pipeline
  • Help run incident response and turn every incident into durable controls and codified runbooks
  • Push cloud compliance initiatives forward
  • Partner with customers in Slack on self-hosting, network architecture, key management, and tenancy questions
  • Use agentic coding workflows to automate control validation, evidence collection, drift detection, and IR triage

Requirements

  • 5+ years in cloud security, infrastructure security, or security engineering with a hands-on bent
  • Deep AWS expertise (IAM, VPC, KMS, GuardDuty, CloudTrail) and fluency in Azure or GCP
  • Strong Terraform skills and a track record making security guardrails the default in IaC pipelines
  • Production Kubernetes security experience
  • Proficient writing real code in Python, TypeScript, or Go
  • Production incident response experience, owning a real incident end-to-end
  • Familiarity with compliance regimes (SOC 2, ISO 27001, HIPAA, FedRAMP)
  • Active user of agentic coding tools with a point of view on how AI is changing security engineering

Nice to have

  • Experience securing self-hosted enterprise software, multi-tenant SaaS, or LLM-heavy workloads (data exfiltration via prompts, model proxy abuse, agent sandboxing)

Soft skills

Balances security rigor with engineering velocityStrong incident response composure and follow-throughClear cross-team communication with customers on security topicsProactive automation mindset to scale a small security team

What we offer

  • Medical, dental, and vision insurance
  • Daily lunch, snacks, and beverages
  • Flexible time off
  • Competitive salary and equity
  • Wifi & cellphone stipend

About the company

Braintrust is the AI observability platform, connecting evals and observability in one workflow so builders can understand how AI behaves in production and improve it. Teams at Notion, Stripe, and Vercel use Braintrust to compare models, test prompts, and catch regressions.

Similar jobs