Staff Security Engineer chez Topaz Labs

About the role

• Secure the Hybrid Infrastructure (AWS & Colo): You will be the single owner for security across our cloud environments and our physical colocation data centers. This includes configuring firewalls, managing physical network security, and hardening our Linux GPU clusters.
• Corporate & Endpoint Security: You will own the security of our internal tools and devices. You will manage our fleet (primarily macOS) using Jamf and oversee identity management via Active Directory.
• You ensure our creative workflows are secure without being obstructive.
• Hands-On Penetration Testing: We don't just rely on external audits. You will regularly conduct hands-on penetration tests against our internal networks, office infrastructure, and AI applications to find vulnerabilities before anyone else does.
• Secure the AI Supply Chain: Our models are our most valuable IP. You will design systems to protect our model weights during training, storage, and delivery, ensuring they are tamper-proof and secure from theft or reverse engineering.

About you

• You are a hands-on generalist. You are just as comfortable configuring an IAM policy in AWS as you are setting up a switch in a colocation rack or writing a script for Jamf.
• You have a craftsmanship mentality. You take personal pride in building systems that are robust, elegant, and secure by default. You don't just patch holes; you eliminate entire classes of vulnerabilities.
• You are an infrastructure native. You are fluent in Linux internals, networking, and container orchestration. You understand the unique security challenges of cloud, distributed, and HPC environments.
• You value truth over comfort. You are willing to have hard conversations about risk and prioritize fixing root causes over applying band-aids.
• You think like an attacker. You don't wait for a report to tell you something is wrong. You actively probe our defenses (office, colo, and cloud) to prove they work.

Qualifications

• 7+ years of experience in security engineering, with a mix of infrastructure, corporate IT, and offensive security.
• Deep hands-on experience with cloud security and compliance (AWS, IAM, VPC, SOC II, Vanta).
• Proven experience with Endpoint Management & Identity: Expert-level knowledge of Jamf for macOS management and Active Directory (or modern equivalents) for identity governance.
• Physical & Network Security: Experience securing physical office networks and colocation facilities (firewalls, VPNs, switching).
• Offensive Security: Demonstrated ability to perform manual penetration testing (network and web app).Proficiency in scripting (Python/Bash) to automate security tasks.
• Bonus: Experience securing on-device software or desktop applications (Windows/macOS).