Information security analyst jobs in San Francisco, CA - 582 jobs

A major consulting firm in San Francisco is seeking a Manager in Digital Assurance. You will lead client projects related to IT controls auditing and consulting while mentoring junior staff. Candidates should possess a Bachelor's degree and CPA or CISA certification, along with 5 years of relevant experience. This role emphasizes leadership and quality assurance within innovative contexts. The compensation ranges from $99,000 to $252,450, with eligibility for annual bonuses and comprehensive benefits. #J-18808-Ljbffr

Lambda, The Superintelligence Cloud, is a leader in AI cloud infrastructure serving tens of thousands of customers. Our customers range from AI researchers to enterprises and hyperscalers. Lambda's mission is to make compute as ubiquitous as electricity and give everyone the power of superintelligence. One person, one GPU. If you'd like to build the world's best AI cloud, join us. Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda's designated work from home day is currently Tuesday. What You'll Do Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives Manage IT Risk Register including risk identification, tracking, and prioritization. Assist with and drive remediation of control deficiencies and gaps Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires Assist control owners with root cause analysis and track risk management action plan progress. Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements You Have a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements Have experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations Possess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives Nice to Have Experience in the machine learning or computer hardware industry Experience with Security by Design and/or Privacy by Design principles Experience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks. Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems Familiarity with using third‑party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third‑party risk management Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Experience in the AI infrastructure, machine learning and/or computer hardware industry Salary Range Information The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description. About Lambda Founded in 2012, with 500+ employees, and growing fast Our investors notably include TWG Global, US Innovative Technology Fund (USIT), Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In‑Q‑Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, Gradient Ventures, Mercato Partners, SVB, 1517, and Crescent Cove We have research papers accepted at top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG Our values are publicly available: ************************* We offer generous cash & equity compensation Health, dental, and vision coverage for you and your dependents Wellness and commuter stipends for select roles 401k Plan with 2% company match (USA employees) Flexible paid time off plan that we all actually use A Final Note: You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills. Equal Opportunity Employer Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law. #J-18808-Ljbffr

About the job Company Credit Genie is a mobile‑first financial wellness platform designed to help individuals take control of their financial future. We leverage artificial intelligence to provide personalized insights and are building a financial ecosystem by offering tools and services that provide instant access to cash and building credit. Our goal is to empower every customer to achieve long‑term financial stability. Founded in 2019 by Ed Harycki, former Swift Capital Founder (acquired by PayPal in 2017). Backed by Khosla Ventures and led by industry pioneers from companies such as PayPal, Square, and Cash App, we are well positioned to build the future of inclusive finance through cutting‑edge technology and customer‑centric solutions. Overview As Chief Information Security Officer (CISO), you will be the primary leader responsible for developing and implementing our information security strategy. You'll protect our systems, data, and customer trust by overseeing cybersecurity operations, ensuring compliance with regulatory standards, and mitigating risks in a dynamic fintech environment. This role demands a visionary leader with deep expertise in cybersecurity, preferably in fintech, and a passion for securing innovative financial products. What You'll Do Develop and execute a comprehensive cybersecurity strategy to protect our platform, customer data, and intellectual property. Ensure compliance with fintech and data privacy regulations, including GDPR, CCPA, PCI‑DSS, and other relevant standards. Oversee the design, implementation, and monitoring of security controls for payment processing, lending platforms, and other financial products. Lead incident response, including managing and mitigating cybersecurity breaches, vulnerabilities, and regulatory inquiries. Collaborate with product, engineering, and compliance teams to embed security‑by‑design principles into new features and services. Build and maintain a robust security framework for credit and lending operations, ensuring protection against fraud and data breaches. Conduct risk assessments and implement mitigation strategies for emerging threats in the fintech landscape. Manage relationships with external security vendors, auditors, and regulatory bodies. Develop and lead a high‑performing security team, fostering a culture of proactive risk management. Support international expansion by aligning security practices with global data protection and financial regulations. Stay ahead of cybersecurity trends, advising the executive team on evolving threats and technologies. Qualifications Who You Are Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field. 10+ years of progressive experience in cybersecurity, with at least 5 years in a senior leadership role at a fintech or high‑growth tech company. Deep expertise in securing credit and lending platforms, preferably in the fintech industry, with knowledge of fraud prevention, secure payment processing, and regulatory compliance (e.g., Truth in Lending Act, Fair Credit Reporting Act). Proven track record in designing and implementing security architectures for cloud‑based systems, APIs, and financial applications. Strong understanding of data privacy, encryption, and consumer protection laws in a fintech context. Experience leading incident response, penetration testing, and vulnerability management programs. Exceptional communication skills, with the ability to explain complex security concepts to non‑technical stakeholders, from engineers to board members. Strategic mindset with the ability to balance security rigor with business innovation in a fast‑paced startup environment. Nice to have Experience at a fintech company with exposure to payment processing, lending, or brokerage platforms. Familiarity with SOC 2, ISO 27001, or other cybersecurity certifications and frameworks. Knowledge of international cybersecurity regulations to support global operations. Experience building and scaling security teams in high‑growth environments. Compensation Benefits And Perks 100% company‑paid medical, dental, and vision coverage for you and your dependents on your first day of employment. Monthly fitness reimbursement up to $100 or a full membership to LifeTime Fitness. 401(k) with a 2.5% match and immediate vesting. Meal program for breakfast, lunch, and dinner. Life and accidental insurance. Flexible PTO. We know how to fine‑tune corporate security because we've led effective and efficient Fortune 500‑level security programs. The SEC helps businesses find the best balance of risk mitigation, cost and innovation. #J-18808-Ljbffr

You must apply on our website to be considered for the position. APPLY HERE_> ************************************ The San Francisco Department of Public Health is seeking a dynamic and experienced cybersecurity professional to join its IT leadership team. As a key strategic leader, the Chief Information Security Officer (CISO) (0933 Manager V) will be responsible for developing and executing a comprehensive information security strategy that safeguards the department's systems, data, and services. This role leads the implementation of an enterprise-wide security program that promotes collaboration, strengthens governance, and aligns cybersecurity initiatives with organizational goals. The CISO serves as a trusted advisor to senior leadership, providing expert guidance on risk management, security investments, and policy development. The CISO oversees a team of cybersecurity professionals within the SFDPH IT division and collaborates extensively with the CISO for the City and County of San Francisco. We are looking for a visionary and collaborative leader who can balance innovation with risk mitigation, and who thrives in a complex, mission-driven environment. The CISO reports directly to the Chief Information Officer (CIO). Essential Job Functions Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion Directs the ongoing development of the department's information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics, and monitors compliance through audits and assessments Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program Promotes awareness and understanding of regulatory requirements across the organization. Leads or collaborates on testing and auditing activities to ensure ongoing compliance and successful certifications Analyzes security requirements and ensures compliance with industry standards such as HIPAA, NIST, and PCI-DSS Establishes and maintains comprehensive policies and procedures to support effective and sustainable security operations Serves as the department's representative in security-related matters with City agencies and partners Continuously monitors emerging trends, technologies, and best practices in cybersecurity to ensure the department's security posture remains current and effective The Chief Information Security Officer (0933 Manager V) may perform other duties as assigned/required. How to qualify 1. Education: Bachelor's degree from an accredited college or university; AND 2. Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals. Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis. One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units. Applicants must meet the minimum qualification requirements by the final filing date unless otherwise noted. One-year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Desirable Qualifications Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification Verification of Education and Experience Every application is reviewed to ensure that you meet the minimum qualifications as listed in the job ad. Review SF Careers Employment Applications for considerations taken when reviewing applications. #J-18808-Ljbffr

At Fluidstack, we're building the infrastructure for abundant intelligence. We partner with top AI labs, governments, and enterprises - including Mistral, Poolside, Black Forest Labs, Meta, and more - to unlock compute at the speed of light. We're working with urgency to make AGI a reality. As such, our team is highly motivated and committed to delivering world‑class infrastructure. We treat our customers' outcomes as our own, taking pride in the systems we build and the trust we earn. If you're motivated by purpose, obsessed with excellence, and ready to work very hard to accelerate the future of intelligence, join us in building what's next. About the Role The Information Security Engineer, Bare Metal will be a critical part of the infrastructure team, responsible for designing, implementing, and maintaining the security of Fluidstack's bare metal fleet. This role is highly technical and requires deep expertise in hardware, operating systems, and network security in a high-scale, high-performance environment. Key Responsibilities: Bare Metal Lifecycle Security: Own the security throughout the entire lifecycle of the bare metal fleet, from provisioning and hardening to decommission. Image Security and Hardening: Design and implement secure, hardened base operating system images (Linux) for all production and development environments, including automated vulnerability scanning and patch management. Baseboard Management Controller (BMC) Security: Define and enforce security best practices for BMCs, including access controls, credential management, logging, and firmware integrity/patching. Network Security: Collaborate with network engineering to design and implement secure network architectures, including micro‑segmentation, intrusion detection/prevention systems (IDS/IPS), and firewall policies for the bare metal environment. Storage and Data Protection: Implement strong security controls for storage systems, focusing on data‑at‑rest encryption, key management, and secure access protocols for both local and networked storage. Automation: Develop security automation and tooling (e.g., configuration management scripts) to ensure security is enforced consistently and at scale across the fleet. Security Monitoring and Incident Response: Configure and manage security monitoring for bare metal infrastructure and participate in the incident response process for critical security events. Security Review: Conduct regular security audits and threat modeling exercises for new hardware and infrastructure designs. Focus Securing and hardening base images (Linux/OS). Baseboard Management Controller (BMC) access control and firmware security. Infrastructure network segmentation and policy enforcement. Storage encryption, data integrity, and key management. About You 7+ years of experience in an Information Security or Infrastructure Engineering role, with a strong focus on bare metal, IaaS, or high‑scale cloud infrastructure. Deep practical experience with Linux operating system hardening (e.g., SELinux, AppArmor, kernel‑level security). Expert‑level knowledge of network security principles, including TCP/IP, VPNs, firewall rulesets, and zero‑trust concepts. Proven ability to implement and manage encryption technologies, including disk‑level encryption (e.g., LUKS) and hardware‑level encryption. Strong scripting and automation skills in languages such as Python, Go, or Rust, and experience with configuration management tools (e.g., Ansible, Puppet, Chef). Understanding of hardware security modules (HSMs) and trusted computing concepts (e.g., TPM/TXT). Excellent problem‑solving and communication skills, with the ability to work collaboratively across engineering teams. Nice to Haves Experience with specific BMC platforms (e.g., OpenBMC, Dell iDRAC, HPE iLO). Familiarity with compliance standards relevant to bare metal environments (e.g., SOC 2, ISO 27001, FedRAMP). Experience with hardware‑level root of trust and secure boot implementations. Relevant security certifications (e.g., CISSP, OSCP, CEH). Salary & Benefits Competitive total compensation package (salary + equity). Retirement or pension plan, in line with local norms. Health, dental, and vision insurance. Generous PTO policy, in line with local norms. The base salary range for this position is $150,000 - $250,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options. We are committed to pay equity and transparency. Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. . #J-18808-Ljbffr

Heartflow is a medical technology company advancing the diagnosis and management of coronary artery disease, the #1 cause of death worldwide, using cutting‑edge technology. The flagship product-an AI‑driven, non‑invasive cardiac test supported by the ACC/AHA Chest Pain Guidelines called the Heartflow FFRCTAnalysis-provides a color‑coded, 3D model of a patient's coronary arteries indicating the impact blockages have on blood flow to the heart. Heartflow is the first AI‑driven non‑invasive integrated heart care solution across the CCTA pathway that helps clinicians identify stenoses in the coronary arteries (RoadMap™Analysis), assess coronary blood flow (FFRCTAnalysis), and characterise and quantify coronary atherosclerosis (Plaque Analysis). Our pipeline of products is growing and so is our team; join us in helping to revolutionise precision heart‑care. Heartflow is a publicly traded company (HTFL) that has received international recognition for exceptional strides in healthcare innovation, is supported by medical societies around the world, cleared for use in the US, UK, Europe, Japan and Canada, and has been used for more than 500,000 patients worldwide. Overview The Heartflow Information Security team is responsible for security across our corporate and product environments, protecting our patient data and medical device ecosystem. We are looking for an investigator that loves the challenge of analysing complex security telemetry to uncover hidden threats and ensure a resilient defence for our corporate and product environments. The initial focus will be on triaging advanced security events and participating in our security incident response process. Analytical work will span our corporate, clinical and cloud infrastructure and will include threat hunting and the refinement of high‑fidelity detection logic. What You'll Do Perform in‑depth analysis of security events, logs, and network traffic using SIEM, EDR, and other security tools to rapidly identify, contain, and remediate complex threats. Collaborate in developing and implementing custom correlation rules, dashboards, and alerts to enhance detection capabilities. Drive threat hunts to find “quiet” persistent threats within our clinical and corporate environments. Participate in continuous refinement of incident response playbooks, operational procedures, and security standards. Perform security reviews of third‑party vendors to identify risks and ensure they meet company standards. What You Bring Education - BS in Computer Science or a related technical degree. No degree? No problem-if you have the equivalent experience and certifications, we want to hear from you. Experience - At least 2 years in the trenches of a SOC or Incident Response team. However, if you haven't held a formal “Security” title but have at least 2 years on an IT Operations team, we value deep technical expertise in operating systems and networking if you can show us your passion for security. You're comfortable navigating security platforms like SIEMs, EDR tools (CrowdStrike or similar), and Email Security platforms. Strong problem‑solving skills with the ability to troubleshoot security issues across networks, operating systems, and applications. Possess a solid understanding of log correlation and how to write logic for security alerts. Deep understanding of at least one of the operating system internals (Windows, Linux, or mac OS). Ability to analyse process trees. Able to analyse network flows and packet data to find hidden threats. You know your way around network tools and can spot anomalies across different types of environments. What Helps You Stand Out Certifications: SANS GIAC (GCIH, GCIA), CompTIA (Security+, CySA+), EC‑Council (C|SA) or equivalent. Proven ability to take initiative- track record of identifying problems and developing solutions independently. Excellent written and verbal communication skills, with the ability to clearly articulate complex technical issues and remediation plans to both technical and non‑technical audiences. You are a continuous learner who stays curious about the latest attack trends and loves figuring out how to stop them. A reasonable estimate of the base salary compensation range is $75,000 to $100,000 per year, and bonus. #LI-IB1 Heartflow is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at Heartflow, including recruitment, hiring, training, relocation, promotion, and termination. Positions posted for Heartflow are not intended for or open to third‑party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals. Heartflow has become aware of a fraud where unknown entities are posing as Heartflow recruiters in an attempt to obtain personal information from individuals as part of our application or job offer process. Before providing any personal information to outside parties, please verify the following: A) All legitimate Heartflow recruiter email addresses end with “@heartflow.com” and B) The position described is found on our careers site at ********************************* #J-18808-Ljbffr

A blockchain technology company is seeking a Software Engineer in San Francisco to design and build core infrastructure. Responsibilities include developing secure distributed systems and collaborating with teams to enhance blockchain accessibility. The role offers competitive compensation, autonomy in work, and opportunities for international candidates with visa sponsorship. A minimum salary range of $150,000 - $190,000 is provided. #J-18808-Ljbffr

About Anthropic Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Build secure network stacks with appropriate isolation and segmentation Create OS-level attestation and integrity monitoring systems Develop security patches, custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$320,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process #J-18808-Ljbffr

A tech company in San Francisco is seeking a Lead Security Engineer to enhance its security posture across various environments. The ideal candidate will have over 5 years of experience in security roles and expertise in cloud security, IAM, and secure systems design. Responsibilities include implementing scalable security controls and collaborating with cross-functional teams. The base pay range for this position is $220,000 - $330,000 USD. #J-18808-Ljbffr

A leading tech company in San Francisco is seeking an experienced Enterprise IT Engineer to manage and secure their systems. This role will involve shaping the identity access foundation, administrating SaaS tools, and optimizing workflows. The ideal candidate will have 4-6 years in IT security, deep knowledge of Okta and Google Workspace, and the ability to work effectively in a fast-paced environment. They offer competitive compensation and comprehensive health benefits. #J-18808-Ljbffr

A cutting-edge tech firm located in San Francisco is seeking a Security Engineer to lead the development of security tools and safeguard systems from unauthorized access. The ideal candidate will possess significant experience in security software engineering, demonstrate strong software engineering skills, and be ready for on-call duties. This role offers competitive compensation, including a substantial salary, equity, and comprehensive benefits. Join us to help protect our innovative AI solutions while working within a collaborative and focused environment. #J-18808-Ljbffr

A leading AI research company based in San Francisco is seeking a Client Platform Engineer to secure and enhance endpoint management infrastructure for a variety of devices. You will focus on automating solutions, collaborating with IT and Engineering teams to implement cutting-edge management practices. A strong background in programming and cloud identity providers is required. This role offers opportunities to work with innovative tools in a fast-paced environment. #J-18808-Ljbffr

Crusoe's mission is to accelerate the abundance of energy and intelligence. We're crafting the engine that powers a world where people can create ambitiously with AI - without sacrificing scale, speed, or sustainability. Be a part of the AI revolution with sustainable technology at Crusoe. Here, you'll drive meaningful innovation, make a tangible impact, and join a team that's setting the pace for responsible, transformative cloud infrastructure. We are seeking a highly skilled Staff Infrastructure Security Engineer to architect, deploy, and operationalize the foundational security services that will underpin our shift to a Zero Trust model. In this strategic role, you will define and establish the "roots of trust" for our organization, serving as a technical leader in Secrets Management and Identity architecture. While your immediate focus is to serve as the Subject Matter Expert (SME) driving our enterprise HashiCorp Vault platform from Proof-of-Concept (PoC) to global production readiness, your long-term scope is far broader. You will be responsible for evolving our credentials management strategy, onboarding engineering teams to secure self-service workflows, and designing scalable trust patterns across our hybrid multi-cloud environment. Key Responsibilities 1. Strategic Architecture & Governance Zero Trust Architecture: Architect a highly available, disaster-resilient, and scalable multi-cluster secrets management platform that serves as the foundation for the organization's Zero Trust strategy. Technical Leadership: Drive consensus across Cloud Engineering, DevOps, and SRE teams to define standardized secret management workflows and integrate security patterns into the SDLC. Compliance & Governance: Ensure the platform design meets rigorous internal policies and external compliance frameworks (e.g., SOX, ISO 27001). Policy as Code: Design and implement advanced governance controls, including Sentinel Policy as Code, to automate security guardrails and access decisions. 2. Platform Engineering & Implementation Infrastructure as Code (IaC): Lead the engineering of the Vault infrastructure using Terraform, ensuring all deployments are reproducible, version-controlled, and automated. Identity Integration: Architect the integration between the secrets platform, Identity Providers (Okta), and workload identities (Kubernetes Service Accounts) to establish robust machine-to-machine authentication. Advanced Secrets Capabilities: Configure and tune essential secrets engines (KV, Transit, KMIP) and Enterprise features (Performance Replication, Seal automation) to support diverse engineering use cases. 3. Operational Excellence & Developer Enablement Vault as a Service (VaaS): Operationalize the platform by building self-service mechanisms, distinct "paved road" onboarding procedures, and documentation that allows engineering teams to easily consume security services. Observability: Implement comprehensive monitoring, alerting, and audit logging to ensure platform health, provide visibility into usage patterns, and satisfy audit requirements. Lifecycle Management: Own the full operational lifecycle of the production environment, including patching, version upgrades, backup/restore procedures, and incident response runbooks. Required Qualifications 6+ years (or equivalent) hands-on experience in cloud security, DevOps, or infrastructure engineering. Deep expertise and proven track record deploying and managing HashiCorp Vault in an enterprise environment (experience with the Enterprise edition is highly preferred). Expert-level knowledge of Secrets Management, X.509 PKI (Public Key Infrastructure), Certificate Authority Operations, and Cryptography concepts. Strong experience with Google Cloud Platform (GCP) and cloud native identity and access management (IAM). Proficiency with Infrastructure as Code (IaC) tools, especially Terraform, for automating the deployment and configuration of Vault and its dependent infrastructure. Technical Skills Fluent in at least one programming language (b ideally Go or Python). Demonstrable experience with Kubernetes and container security principles, especially integrating secrets into microservices architectures. Strong understanding of network security concepts (IP addressing, IP routing, firewalls, segmentation, Zero Trust). Benefits: Industry competitive pay Restricted Stock Units in a fast growing, well-funded technology company Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents Employer contributions to HSA accounts Paid Parental Leave Paid life insurance, short-term and long-term disability Teladoc 401(k) with a 100% match up to 4% of salary Generous paid time off and holiday schedule Cell phone reimbursement Tuition reimbursement Subscription to the Calm app MetLife Legal Company paid commuter benefit; $300 per month Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation. #J-18808-Ljbffr

A leading firm in interior design and construction is seeking an experienced Information Security Engineer to enhance cybersecurity operations and support incident management. The ideal candidate has over 5 years in cybersecurity with expertise in network and endpoint security, complemented by strong analytical skills. This role offers a competitive salary, flexible work environment, and career development opportunities. #J-18808-Ljbffr

A technology firm in San Francisco is seeking a Corporate Security Engineer to lead initiatives ensuring the safety of its corporate environment. The ideal candidate will have over 4 years of experience in Corporate Security, familiarity with Identity and Access Management, and a strong understanding of security concepts. This role offers hybrid working arrangements and a competitive compensation and benefits package, including mental health support and career coaching. #J-18808-Ljbffr

A leading technology company in San Francisco is seeking a skilled engineer to develop secure systems and contribute to a culture of trust and innovation. You will work on creating security-focused designs for AI systems and enhance data protection. The ideal candidate has experience in software engineering and a strong mindset for security. This role offers a dynamic environment with flexible benefits including unlimited paid time off and comprehensive health coverage. #J-18808-Ljbffr

Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI's technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture. About the Role We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our hardware products and related services. In this role you will: Collaborate proactively with engineering teams to enhance security and mitigate risks in hardware, firmware, and software. Perform comprehensive penetration testing on our diverse suite of products. Leverage advanced automation and OpenAI technologies to optimize your offensive security work. Present insightful, actionable findings clearly and compellingly to inspire impactful change. Influence security strategy by providing attacker-driven insights into risk and threat modeling. You might thrive in this role if you have: 7+ years of hands‑on experience or exceptional accomplishments demonstrating equivalent expertise. Exceptional skill in code review, identifying novel and subtle vulnerabilities. Demonstrated mastery assessing complex technology stacks, including: Proven ability to reverse engineer bootrom images, firmware, or silicon‑level components. Deep familiarity with low‑level kernel operations, secure boot processes, and hardware‑software interactions. Hands‑on experience building and validating secure boot chains and threat models. Proficiency with hardware debugging tools (UART, JTAG, SWD, oscilloscopes, logic analyzers). Solid programming skills in C/C++, Python, or assembly for embedded systems. Industry experience securing consumer hardware (e.g., mobile devices, IoT, chipsets). Excellent written and verbal communication skills for technical and non‑technical audiences. Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts. Excellent coding skills, capable of writing robust tools and automation for offensive operations. Ability to communicate complex technical concepts effectively through compelling storytelling. Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases. Prior experience working in tech startups or fast‑paced technology environments. Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure. About OpenAI OpenAI is an AI research and deployment company dedicated to ensuring that general‑purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non‑public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations. To notify OpenAI that you believe this job posting is non‑compliant, please submit a report through this form . No response will be provided to inquiries unrelated to job posting compliance. We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link. At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology. #J-18808-Ljbffr

Crusoe's mission is to accelerate the abundance of energy and intelligence. We're crafting the engine that powers a world where people can create ambitiously with AI - without sacrificing scale, speed, or sustainability. Be a part of the AI revolution with sustainable technology at Crusoe. Here, you'll drive meaningful innovation, make a tangible impact, and join a team that's setting the pace for responsible, transformative cloud infrastructure. About This Role At Crusoe, the AI Security Engineer is central to ensuring the safety, integrity, and resilience of our rapidly evolving AI ecosystem. You will serve as the technical authority on securing Large Language Models (LLMs), AI-powered platforms, and the infrastructure that supports them-driving both strategy and execution for our next generation of secure AI systems. What You'll Be Working On AI Security SME & Strategic Partner: Act as the technical leader and SME on the practical security of our AI and LLM ecosystem and define the long‑term technical roadmap for AI security architecture and drive high‑impact cross‑functional initiatives. LLM Architecture & Design Ownership: Lead the design and implementation of highly secure Generative AI solutions for security applications, focusing on architectural patterns like Retrieval‑Augmented Generation (RAG). AI‑Powered Tooling & Automation: Architect and implement custom, AI‑powered security tooling that automates threat detection, vulnerability analysis, and data access control, moving from proof‑of‑concept to production at scale. Secure MLOps & Governance: Establish governance and processes for secure MLOps pipelines. Define standards for model versioning, deployment, and monitoring, ensuring they meet rigorous compliance and security requirements. Threat Mitigation & Mentorship: Lead threat modeling exercises for novel AI systems. Apply advanced security and privacy best practices, and mentor senior engineers on secure development practices in the GenAI domain. System‑Level Ownership: Drive the entire lifecycle of critical AI security projects. What You'll Bring to the Team 3+ years of professional experience building and maintaining production systems, with strong Python programming skills and experience across the stack (backend/frontend). Deep expertise in advanced Generative AI techniques, including implementing Retrieval‑Augmented Generation (RAG), designing AI Agents and Multi‑step Cognitive Processes (MCP), and building with workflow orchestration frameworks. Proven ability to own the entire model lifecycle by designing and managing robust MLOps pipelines; experience with containerization (Docker), virtualization (VMs), and cloud platforms (AWS, GCP, Azure) is a plus. Experience in designing, implementing, and fine‑tuning custom LLMs, coupled with a strong understanding of NLP fundamentals, transformer architectures, PyTorch/TensorFlow, and data structures. Strong curiosity about security, privacy, and threat modeling; a desire to safely "break" systems to secure them and apply best practices to AI pipelines and deployments. Strong product sense for rapid iteration and refinement based on data, combined with a collaborative mindset to work closely with engineers, product managers, and security analysts in a fast‑paced environment. Benefits Industry competitive pay Restricted Stock Units in a fast growing, well‑funded technology company Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents Employer contributions to HSA accounts Paid Parental Leave Paid life insurance, short‑term and long‑term disability Teladoc 401(k) with a 100% match up to 4% of salary Generous paid time off and holiday schedule Cell phone reimbursement Tuition reimbursement Subscription to the Calm app MetLife Legal Company paid commuter benefit; $300 per month Compensation Compensation will be paid in the range of $135,000 - $150,000. Restricted Stock Units are included in all offers. Compensation to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data. Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation. #J-18808-Ljbffr

A leading collaboration platform seeks a Corporate Security Engineer to lead security initiatives and protect the corporate environment. You will collaborate with IT and engineering teams, design security tools, and drive the implementation of Data Loss Prevention strategies. Ideal candidates have 4 years of experience in IT Security, knowledge of security frameworks, and familiarity with various security tools. This role is hybrid, based at the San Francisco office. #J-18808-Ljbffr