Infrastructure Security Engineer
Prometheum, Inc.
New York, United States of America
yesterday
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Compensation: $ 185K
Job location: Remote; New York, United States of America
Tech stack
Kubernetes Security
Microsoft Access
Private Networks
Artificial Intelligence
Amazon Web Services (AWS)
Applicant Tracking Systems
Bash
Cloud Computing
Computer Security
DevOps
Digital Assets
Domain Name System Security Extensions
DNS
Github
Identity and Access Management
Information Systems Security Architecture Professional
Python
Network Security
Blockchain
Zero Trust Network Access
Security Information and Event Management
TypeScript
Software Vulnerability Management
Datadog
Scripting (Bash/Python/Go/Ruby)
Kubernetes Helm Charts
Firewalls (Computer Science)
Kubernetes
Information Technology
Cloudflare
Route53
Terraform
Docker
Static Application Security Testing
Vulnerability Analysis
Go
Dynamic Application Security Testing
Job description
- This is a senior, hands-on role with intentionally broad scope
- Cloud infrastructure, security operations, and regulatory compliance are consolidated into a single function rather than distributed across a large team - which means real ownership, direct access to leadership, and the ability to shape how security is built and operated at Prometheum
- Prometheum is actively maturing its security function, and this role will be instrumental in shaping where it goes - you'll be building on an existing foundation and defining what comes next
- Design and maintain secure AWS cloud infrastructure using Terraform and Terragrunt, with a focus on IAM least-privilege, account isolation, and security guardrails across multiple AWS environments
- Manage AWS network security: VPC segmentation and design, Transit Gateway architecture, PrivateLink for service isolation, Network Firewall, and Route 53 Resolver for DNS security
- Manage and maintain Cloudflare infrastructure including DNS, WAF, and edge compute
- Architect and operate Cloudflare Zero Trust - including Access policies, Tunnel configuration for private network routing, Gateway egress filtering and DNS security policies, and WARP client deployment
- Manage and tune AWS-native security tooling: GuardDuty, Security Hub, Config, Inspector, CloudTrail, and WAF
- Integrate security controls into CI/CD pipelines (GitHub Actions) - including SAST, DAST, container image scanning, dependency vulnerability checks, and secrets detection
- Enhance container and workload security through image signing, admission controllers (Kyverno), runtime policies, and base image hygiene
- Manage dependency and patch lifecycle across Docker images, Helm charts, Terraform modules, and application packages
- Own and operate security monitoring and incident response: maintain SIEM/log aggregation pipelines, tune alerting for anomalous behavior and policy violations, lead root cause analysis, and document post-mortems
- Conduct and coordinate vulnerability assessments; track findings through to remediation
- Automate compliance checks and drift detection using infrastructure scanning and policy-as-code tooling
- Participate in on-call rotation to respond to security and infrastructure incidents
- Support SEC and FINRA compliance obligations by implementing and documenting technical controls, and partner with legal and compliance teams during audits and regulatory reviews
- Document infrastructure patterns, access controls, and security architecture for audit readiness
Requirements
- The right candidate has worked in a lean, regulated environment before and is energized by breadth rather than frustrated by it
- 5+ years of experience in infrastructure, security engineering, or DevOps - with meaningful hands-on overlap across all three
- Hands-on experience securing CI/CD pipelines: SAST, container scanning, secrets detection, and policy gates in GitHub Actions or similar
- 7+ years of experience in information technology or cloud infrastructure
- Production experience with Cloudflare Zero Trust - Access, Tunnel, Gateway, and WARP; familiarity with Cloudflare Workers or edge compute is a plus
- Experience with vulnerability management lifecycle: scanning, prioritization, tracking, and remediation
- Strong written communication skills - able to produce documentation that satisfies both engineering and audit audiences
- Experience operating a security observability stack; Datadog is our current platform and familiarity with it is a plus
- Strong Infrastructure-as-Code skills using Terraform and Terragrunt
- Experience operating in a regulated financial services environment and the compliance obligations that come with it
- Solid AWS networking knowledge: VPC design and segmentation, Transit Gateway, PrivateLink, Route 53 Resolver, and Network Firewall in a multi-account environment
- Strong AWS expertise across security-relevant services: IAM, VPC, GuardDuty, Security Hub, Config, CloudTrail, Secrets Manager, KMS, Network Firewall, and PrivateLink
- Proficiency in at least one scripting or programming language: Python, Go, Bash, or TypeScript
- Experience with blockchain infrastructure or digital asset platforms
- Kubernetes/EKS experience at any depth - even working familiarity is valued
- Any of the following certifications are valued but not required: AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Kubernetes Security Specialist (CKS)
- Background contributing to or managing vendor security reviews and third-party risk assessments
- Experience with AI-assisted tooling in DevOps or security workflows
- Experience working in a highly regulated financial services environment - broker-dealer, RIA, ATS, or custodian - with direct exposure to SEC or FINRA examinations
- Familiarity with Regulation S-P breach notification workflows, FINRA Rule 4530 incident reporting, or AML/BSA technical control implementation
Benefits & conditions
- Health, dental, vision, disability, and life insurance
- 401k plan
- Competitive vacation time
- Time off for observed federal holidays
- Paid sick days
- Stock options