Staff Security Engineer, Infrastructure San Francisco

fal is the generative media ecosystem powering the next generation of AI products. We build the infrastructure, tools, and model access that teams need to move from idea to production, and do it at scale without compromise. For developers and enterprises, fal is the foundation that makes generative media not just possible, but practical: a unified platform where high-performance inference, orchestration, and observability come together to unlock new categories of AI-native products.As generative media reshapes industries across a market projected to grow by hundreds of billions over the next decade, fal is becoming the ecosystem that ambitious teams build on.About The RoleWe’re looking for a Security Engineer, Infrastructure to secure the core systems that power fal.ai’s platform: GPU compute, multi-cloud environments, networking, and data pipelines. You’ll operate across the full stack, from cloud and Kubernetes to identity, networking, and secrets, designing and implementing security controls that scale with a high-performance AI platform. This role is highly hands-on and systems-oriented, sitting at the intersection of security, infrastructure, and distributed systems.What You’ll DoBuild & Harden Infrastructure SecurityDesign And Implement Security Controls AcrossCloud infrastructureKubernetes and containerized workloadsNetworking, service meshes, and edge systemsCI/CD pipelines and deployment systemsSecure compute environments for GPU workloads and model executionIdentity, Secrets & AccessMachine identity and workload authenticationSecrets management and encryption (e.g., Vault, KMS)Least-privilege access and short-lived credentialsImplement Zero Trust principles across infrastructureSecure AI & Data SystemsProtect model weights, inference endpoints, and customer dataDesign secure data access pathways and isolation mechanismsEnsure safe multi-tenant execution environmentsAutomation & Security ToolingBuild security guardrails directly into infrastructure and CI/CDUse Infrastructure-as-Code (Terraform, Pulumi) to enforce secure defaultsContinuously identify and remediate security gaps through automationThreat Modeling & Risk ReductionIdentify and mitigate risks across infrastructure layersDefend against both external attackers and insider threatsDrive projects like network isolation, encryption, and secure service communicationCross-Functional CollaborationPartner with platform, infra, and ML teams to drive shift-left securityEnable engineers to move fast with secure-by-default systemsContribute to a strong security culture across the companyCore RequirementsWhat We’re Looking For8+ years in security engineering, infrastructure, or SREStrong understanding of:Cloud security (AWS, GCP, or Azure)Networking fundamentals (segmentation, firewalls, Zero Trust)Linux systems and container security (Docker, Kubernetes)Experience building or securing production infrastructure at scaleSecurity ExpertiseDeep Knowledge OfAuthentication & authorization systemsSecrets management and cryptography basicsCommon vulnerabilities and attack vectorsAbility to design security controls across multiple layers (infra → app)Engineering SkillsProficiency in at least one language (Go, Python, or similar)Experience with Infrastructure-as-Code (Terraform preferred)Strong automation mindset—security should scale with systemsNice to HaveExperience WithGPU infrastructure or ML systemsMulti-tenant platform isolationService mesh / zero-trust architecturesHigh-growth startup environmentsWhat Makes This Role UniqueWork on cutting-edge AI infrastructure security (not just SaaS)Secure GPU clusters, model execution, and real-time inference systemsHigh ownership: design systems from first principlesDirect impact on developer trust and platform reliabilityOur Security PhilosophySecure-by-default > bolt-on securityEnable developers, don’t block themAutomate everythingAssume breach, design for resilienceCompensation & BenefitsCompetitive salary + equityFull health, dental, and vision coverageOpportunity to work on frontier AI infrastructureWhy fal.aiYou’ll help define what security looks like for the next generation of AI infrastructure—where performance, scale, and safety all matter.