Cloud Security Engineer
About The CompanyBraintrust is the AI observability platform. By connecting evals and observability in one workflow, Braintrust gives builders the visibility to understand how AI behaves in production and the tools to improve it.Teams at Notion, Stripe, Zapier, Vercel, and Ramp use Braintrust to compare models, test prompts, and catch regressions — turning production data into better AI with every release.About The RoleWe're looking for a hands-on Cloud Security Engineer to own the security posture of our multi-cloud infrastructure and customer hosted data planes. You'll work across AWS, Azure, and GCP, harden our Kubernetes and Terraform stack, and keep the platform secure without slowing engineering down.This is a senior IC role. You'll write code, build paved-road controls, ship detections, and partner with customers on deployment. If you're excited to use agentic coding tools to operate at the pace of a much larger team, we'd love to work with you.What you'll doOwn the security architecture for our internal AWS environment and the customer-deployed stacks running in AWS, Azure, and GCPWrite Terraform modules and policy code that make the secure path the default path for every team shipping infraHarden our Kubernetes footprint: admission controllers, network policies, workload identity, runtime detections, secrets handlingBuild and tune detections across cloud control planes, identity providers, and workload telemetry; own the alert pipeline end-to-end and keep signal-to-noise highHelp run incident response when something fires, and turn every incident into durable controls and codified runbooksHelp push cloud compliance initiatives. Partner with customers in Slack on self-hosting, network architecture, key management, and tenancy questionsUse agentic coding workflows to automate the repeatable parts of security work: control validation, evidence collection, drift detection, and IR triageIdeal candidate credentials5+ years in cloud security, infrastructure security, or security engineering with a heavy hands-on bent — you ship code and configuration, not just policyDeep AWS expertise (IAM, VPC, KMS, GuardDuty, CloudTrail) and working fluency in at least one of Azure or GCPStrong Terraform skills and a track record of making security guardrails the default in IaC pipelinesProduction Kubernetes security experience: you've run admission controllers, debugged a cluster compromise, or written a network policy that matteredProficient in modern backend technologies and comfortable writing real code in Python, TypeScript, or GoProduction incident response experience; you've owned a real incident end-to-end and made the next one less painfulFamiliarity with one or more compliance regimes (SOC 2, ISO 27001, HIPAA, FedRAMP) and the discipline to make them work without becoming busyworkActive user of agentic coding tools, with a clear point of view on how AI is changing security engineering — both offense and defenseBonus: experience securing self-hosted enterprise software, multi-tenant SaaS, or LLM-heavy workloads (data exfiltration via prompts, model proxy abuse, agent sandboxing)Benefits includeMedical, dental, and vision insuranceDaily lunch, snacks, and beveragesFlexible time offCompetitive salary and equityAI Stipend Equal opportunityBraintrust is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.