Staff Security Engineer

We use AI to do things that were previously impossible. Topaz Labs builds professional-grade software that uses deep learning to enhance image and video quality. Over 1 million photographers and designers trust us with their work, including teams at Apple, Netflix, NASA, and Disney. We've processed over 1 billion images, achieved massive revenue growth, and we're only getting started.We are a small, profitable, and product-led team that values craftsmanship and impact over activity. We don't just ship features; we solve hard problems to help creatives do their best work.

As our first Principal Security Engineer, you will own the security posture for the entire organization—from the cloud to the colo, and from the training cluster to the office network.This is not a high-level compliance role. You will be reporting directly to the Head of AI Engine, but your scope spans the entire company. You must be willing to get your hands dirty.We operate a hybrid infrastructure: AWS, massive on-premise GPU training clusters in our colocation facility, and a corporate fleet of devices. Your mission is to secure every layer of this stack. You will have complete autonomy to architect security for our compute resources, manage office/colo networks, and harden our endpoints.

• • Secure the Hybrid Infrastructure (AWS & Colo): You will be the single owner for security across our cloud environments and our physical colocation data centers. This includes configuring firewalls, managing physical network security, and hardening our Linux GPU clusters.
• Corporate & Endpoint Security: You will own the security of our internal tools and devices. You will manage our fleet (primarily macOS) using Jamf and oversee identity management via Active Directory.
• You ensure our creative workflows are secure without being obstructive.
• Hands-On Penetration Testing: We don't just rely on external audits. You will regularly conduct hands-on penetration tests against our internal networks, office infrastructure, and AI applications to find vulnerabilities before anyone else does.
• Secure the AI Supply Chain: Our models are our most valuable IP. You will design systems to protect our model weights during training, storage, and delivery, ensuring they are tamper-proof and secure from theft or reverse engineering.

• • You are a hands-on generalist. You are just as comfortable configuring an IAM policy in AWS as you are setting up a switch in a colocation rack or writing a script for Jamf.
• You have a craftsmanship mentality. You take personal pride in building systems that are robust, elegant, and secure by default. You don't just patch holes; you eliminate entire classes of vulnerabilities.
• You are an infrastructure native. You are fluent in Linux internals, networking, and container orchestration. You understand the unique security challenges of cloud, distributed, and HPC environments.
• You value truth over comfort. You are willing to have hard conversations about risk and prioritize fixing root causes over applying band-aids.
• You think like an attacker. You don't wait for a report to tell you something is wrong. You actively probe our defenses (office, colo, and cloud) to prove they work.

• • 7+ years of experience in security engineering, with a mix of infrastructure, corporate IT, and offensive security.
• Deep hands-on experience with cloud security and compliance (AWS, IAM, VPC, SOC II, Vanta).
• Proven experience with Endpoint Management & Identity: Expert-level knowledge of Jamf for macOS management and Active Directory (or modern equivalents) for identity governance.
• Physical & Network Security: Experience securing physical office networks and colocation facilities (firewalls, VPNs, switching).
• Offensive Security: Demonstrated ability to perform manual penetration testing (network and web app).Proficiency in scripting (Python/Bash) to automate security tasks.
• Bonus: Experience securing on-device software or desktop applications (Windows/macOS).

Do you meet most but not 100% of the above? We'd still like to hear from you–we are passionate about developing a diverse team and culture, so please apply if you're interested

This is a unique role for someone interested in making a deep impact at a high-growth tech software company. We offer strong base salary, plus significant ownership that scales with the company's growth. We also offer 100% covered medical/dental/vision for employees, 15 days annual PTO, 5 personal days plus holidays, and 401k matching.

This is a full-time onsite role in Dallas, TX, and we will ask you to relocate if you're not in the area.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.