Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.

We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.

We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.

If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.

About This Role

We’re seeking a Staff Infrastructure Security Engineer to architect and operationalize the foundational security services that enable our transition to a Zero Trust model. This is a highly strategic role focused on establishing the organization’s “roots of trust,” with immediate ownership of our enterprise HashiCorp Vault platform, from Proof of Concept through global production readiness.

You’ll serve as the subject matter expert for secrets management and identity architecture, while designing scalable, self-service trust patterns across our hybrid, multi-cloud environment. Over time, this role will shape our long-term credentials management strategy and how engineering teams securely interact with core infrastructure.

What You’ll Be Working On

• Architecting a highly available, disaster-resilient, multi-cluster secrets management platform as the foundation of our Zero Trust strategy
• Driving Vault from PoC to enterprise-grade production, establishing standards, reliability, and scalability
• Leading cross-functional alignment with Cloud Engineering, DevOps, and SRE teams on secure secret management workflows embedded into the SDLC
• Designing and enforcing governance controls to meet internal policies and external compliance requirements (e.g., SOX, ISO 27001)
• Implementing Policy as Code using Sentinel to automate guardrails and access decisions
• Engineering Vault infrastructure using Terraform with fully automated, reproducible, and version-controlled deployments
• Architecting integrations between Vault, identity providers (e.g., Okta), and workload identities (e.g., Kubernetes Service Accounts)
• Configuring and tuning core Vault secrets engines (KV, Transit, KMIP) and Enterprise features such as performance replication and automated sealing
• Operationalizing “Vault as a Service” through paved-road onboarding, self-service workflows, and clear developer documentation
• Building observability across the platform, including monitoring, alerting, audit logging, and usage insights
  
  
  

What You’ll Bring To The Team

• 8+ years of hands-on experience in cloud security, DevOps, or infrastructure engineering
• Deep, production-grade experience deploying and operating HashiCorp Vault in enterprise environments (Enterprise edition strongly preferred)
• Expert knowledge of secrets management, cryptography, PKI/X.509 certificate authorities, and trust systems
• Strong experience with Google Cloud Platform (GCP) and cloud-native IAM models
• Proven expertise using Infrastructure-as-Code tools (Terraform) to automate security platforms
• Hands-on experience with Kubernetes and securely integrating secrets into microservices architectures
• Fluency in at least one programming language (Go or Python preferred) for automation and tooling
• Strong understanding of network security fundamentals, including segmentation, firewalls, routing, and Zero Trust concepts
  
  
  

Bonus Points

• Experience building internal “security platforms” or Vault-as-a-Service offerings
• Prior ownership of enterprise-wide identity or credential lifecycle programs
• Experience operating Vault across hybrid or multi-cloud environments
• Familiarity with advanced Vault governance patterns and large-scale developer onboarding
  
  
  

Benefits:

• Industry competitive pay
• Restricted Stock Units in a fast growing, well-funded technology company
• Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
• Employer contributions to HSA accounts
• Paid Parental Leave
• Paid life insurance, short-term and long-term disability
• Teladoc
• 401(k) with a 100% match up to 4% of salary
• Generous paid time off and holiday schedule
• Cell phone reimbursement
• Tuition reimbursement
• Subscription to the Calm app
• MetLife Legal
• Company paid commuter benefit; $300 per month
  
  
  

Compensation Range

Compensation will be paid in the range of up to $210,000 - $265,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.

Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.