Engineering Infrastructure Security Manager

Position Overview

We are seeking an experienced Engineering Infrastructure Security Manager to lead the security of our production and non-production engineering systems. This critical leadership role is responsible for protecting the infrastructure that powers our software development lifecycle, including source control systems, CI/CD pipelines, build environments, deployment platforms, development tools, and associated cloud resources. The ideal candidate combines deep technical security expertise with strong leadership skills and a thorough understanding of modern engineering practices.

Key Responsibilities

Engineering Systems Security

• Design and implement security controls for production and non-production engineering infrastructure, including development, staging, testing, and production environments
• Secure CI/CD pipelines, build systems, artifact repositories, and deployment automation tools against supply chain attacks and unauthorized access
• Implement and maintain security for source control systems, code repositories, and secrets management platforms
• Oversee security of containerization platforms (Docker, Kubernetes), orchestration systems, and infrastructure-as-code environments
• Manage security for engineering cloud resources across multiple providers (AWS, GCP, Azure) and hybrid environments

Security Architecture & Technical Leadership

• Design and implement security frameworks specifically tailored to engineering workflows and developer productivity requirements
• Balance security requirements with developer experience and engineering velocity
• Implement zero-trust architectures and least-privilege access models for engineering systems
• Oversee security of API gateways, service meshes, and microservices architectures
• Lead security initiatives for infrastructure monitoring, logging, and observability platforms

Risk Management & Vulnerability Response

• Conduct regular security assessments and penetration testing of engineering infrastructure
• Manage vulnerability scanning and remediation programs for engineering systems and dependencies
• Develop and maintain threat models for production deployment pipelines and critical engineering systems
• Lead incident response efforts for security events affecting engineering infrastructure
• Track and analyze security metrics specific to engineering systems (deployment security, infrastructure drift, configuration compliance)

Team Leadership & Collaboration

• Build, mentor, and manage a team of security engineers focused on infrastructure protection
• Foster a culture of "security as code" and integrate security practices into engineering workflows
• Partner with platform engineering, SRE, and development teams to embed security into the software development lifecycle
• Provide security guidance and training to engineering teams on secure infrastructure practices
• Create a psychologically safe environment that encourages security awareness and proactive threat reporting

Policy, Compliance & Governance

• Develop and enforce security policies for engineering infrastructure that comply with SOC 2, ISO 27001, and other relevant frameworks
• Ensure compliance with data protection regulations (GDPR, CCPA) in engineering environments
• Implement and maintain security controls for production data access and handling
• Manage access control policies and implement role-based access control (RBAC) for engineering systems
• Conduct regular security audits and prepare documentation for compliance assessments

Automation & Continuous Improvement

• Drive automation of security controls, monitoring, and response for engineering infrastructure
• Implement security-as-code practices using tools like Terraform, CloudFormation, and policy-as-code frameworks
• Build automated security testing into CI/CD pipelines (SAST, DAST, container scanning, dependency checks)
• Develop and maintain infrastructure security baselines and automated compliance checking
• Lead initiatives to reduce security technical debt in engineering systems

Business Continuity & Disaster Recovery

• Design and test disaster recovery plans for critical engineering infrastructure
• Implement and maintain backup strategies for source code, build artifacts, and configuration data
• Ensure high availability and resilience of production engineering systems
• Plan for and manage security aspects of incident response and business continuity

Required Qualifications

Technical Expertise

• 7+ years of experience in infrastructure security or related fields, with 3+ years in a leadership role
• Deep understanding of cloud security (AWS, GCP, Azure) and cloud-native security patterns
• Extensive experience securing containerized environments, Kubernetes, and orchestration platforms
• Strong knowledge of CI/CD security, supply chain security, and software composition analysis
• Proficiency with infrastructure-as-code tools (Terraform, Ansible, CloudFormation) and security automation
• Experience with security tools including SIEM, vulnerability scanners, endpoint protection, and intrusion detection/prevention systems
• Understanding of network security, encryption, identity and access management, and secrets management

Leadership & Management

• Proven track record of building and leading high-performing security teams
• Experience managing cross-functional security initiatives involving engineering, operations, and product teams
• Strong project management skills with ability to drive complex security initiatives to completion
• Ability to mentor and develop security talent at various experience levels

Communication & Strategic Thinking

• Excellent communication skills with ability to explain complex security concepts to both technical and non-technical audiences
• Experience presenting security strategies and risk assessments to executive leadership
• Ability to translate business requirements into security solutions and vice versa
• Strong documentation skills for policies, procedures, and technical specifications

Compliance & Risk Management

• Experience with compliance frameworks (SOC 2, ISO 27001, NIST, PCI-DSS)
• Strong understanding of risk assessment methodologies and security frameworks
• Knowledge of regulatory requirements related to data protection and privacy

Preferred Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or related field
• Security certifications such as CISSP, CISM, CCSP, CEH, or cloud security certifications
• Experience with GitOps workflows and security tooling (GitHub Advanced Security, GitLab Security, etc.)
• Knowledge of programming/scripting languages (Python, Go, Bash) for security automation
• Experience in highly regulated industries (finance, healthcare, government)
• Background in Site Reliability Engineering (SRE) or DevOps practices
• Experience with security in microservices and serverless architectures
• Familiarity with security research and staying current with emerging threats in engineering infrastructure

What We Offer

• Opportunity to shape security strategy for critical engineering infrastructure
• Collaborative environment working closely with engineering and product teams
• Competitive compensation and benefits package