Principal Infrastructure Security Engineer
Company Overview
Unchained offers a suite of bitcoin financial services built on top of a unique collaborative custody model. These include: buying and selling bitcoin directly to and from cold storage, bitcoin retirement accounts, bitcoin-backed loans, concierge services to educate clients on best security practices, and cold storage solutions for institutions and other businesses.
Job Overview
The Principal Infrastructure Security Engineer plays a critical role in ensuring the security and integrity of the company’s IT infrastructure and systems. You will own the security architecture for all AWS and Kubernetes workloads, enforce least-privilege IAM roles and policies, embed guardrails through infrastructure-as-code, and lead the technical response to infrastructure threats. Working side-by-side with DevOps, SRE, and Platform teams, you’ll automate vulnerability management, integrate security checks into every CI/CD path, and continuously harden our cloud foundation. This hands-on role demands deep technical expertise, strategic vision, and the ability to mentor engineers while driving a secure-by-default culture across the organization.
What You Will Do
- Design and implement security controls and best practices for AWS infrastructure
- Collaborate with Infra teams to integrate security best practices into infrastructure-as-code (CloudFormation, Terraform)
- Implement and manage vulnerability scanning and management processes for AWS infrastructure and Kubernetes clusters
- Collaborate with DevOps teams to integrate security into CI/CD pipelines and automate security checks
- Conduct security assessments and penetration testing of AWS infrastructure and Kubernetes clusters
- Develop and maintain security policies, procedures, and guidelines for AWS and Kubernetes
- Integrate and manage SSO solutions for secure, streamlined authentication to AWS and Kubernetes clusters
- Develop and maintain hardened container images to enhance container security and minimize attack surface
- Automate vulnerability management workflows by integrating security findings from platforms such as Wiz into actionable tickets and remediation processes
- Monitor and respond to security incidents and alerts related to infrastructure security
- Provide technical guidance and mentorship to junior team members
- Stay current with the latest cloud security trends, threats, and best practices
- Drive innovation and continuous improvement of infrastructure security processes and tools
Who You Are
- You have 8+ years of experience in infrastructure security, with a focus on cloud security (AWS)
- You have deep expertise in securing AWS services (EC2, S3, IAM, VPC, etc.) and Kubernetes
- You have strong knowledge of infrastructure-as-code practices and tools (CloudFormation, Terraform)
- You have experience with vulnerability scanning, management, and remediation in cloud environments
- You are familiar with containerization and orchestration technologies (Docker, Kubernetes)
- You have a solid understanding of security best practices for CI/CD pipelines and DevSecOps
- You have excellent problem-solving and analytical skills
- You have strong communication and collaboration abilities
- You are able to lead and mentor junior team members
- You are passionate about staying up to date with the latest cloud security technologies and best practices
- You reside in the United States
Nice to Haves
- You have a bachelor’s degree in Computer Science, Engineering, or a related field
- You have relevant security certifications (CISSP, CISM, CCSP, or similar)
- You are familiar with cloud security and DevSecOps practices
- You have experience working in the Bitcoin space
What We Offer
- Company paid medical, dental, and vision coverage
- 401k with employer match
- Employee stock options
- Unlimited PTO
- Training & development opportunities
- Remote work flexibility