Security Engineer

Bachelor's degree in Computer Science, Cybersecurity, or a related field. 5+ years of experience in information security roles, with a focus on cloud security. Strong programming skills in at least one language (ideally, Python, Go, or C). Extensive knowledge of Linux kernel internals, containerization technologies, and virtualization. Deep understanding of workload/network isolation techniques in multitenant cloud environments. Experience securing and hardening cloud infrastructure, particularly in environments with untrusted workloads. Familiarity with GPU architecture and security considerations in GPU cloud computing. Strong background in network security, application security, and cloud-native security practices. Experience with security testing tools and methodologies (e.g., OWASP, Burp Suite, static/dynamic analysis tools). Familiarity with common cybersecurity frameworks (e.g., NIST, CIS Controls) and their application to cloud environments. Excellent problem-solving skills and ability to think creatively about security challenges in cloud computing. Successful completion of a background check.

Design and implement secure architectures for RunPod's multitenant GPU cloud platform, ensuring strong isolation between customer workloads. Conduct thorough security assessments, including threat modeling, code reviews, and penetration testing of our cloud infrastructure and services. Develop and implement security fixes and improvements in collaboration with software engineering teams. Implement and manage security tools and systems (e.g., SIEM, WAF, EDR). Create and maintain security documentation, including policies, procedures, and technical guidelines specific to GPU cloud security. Provide security guidance and training to development teams to foster a security-first culture in cloud development. Participate in incident response activities and contribute to post-incident analysis and improvements. Collaborate with operations team to ensure adherence to relevant standards (e.g., SOC 2, ISO 27001, GDPR).