Infrastructure Security Engineer

📋 Description

• • Design and build security tools and guardrails that integrate directly into ElevenLabs’ cloud infrastructure and AI-powered products to enable secure, high-velocity development.
• • Partner with Engineering and Infrastructure teams to review application architectures, develop threat models, and embed secure-by-default patterns throughout the software development lifecycle.
• • Identify, prioritize, and remediate security vulnerabilities across the entire technology stack, collaborating directly with engineers to contribute to fixes and implement patches.
• • Ship new security features that directly improve the security posture of production systems, ensuring alignment with ElevenLabs’高标准 quality expectations.
• • Design and implement supply chain security controls across build and deployment pipelines, including artifact signing, provenance verification, dynamic admission controls, and SBOM generation.
• • Work cross-functionally to enforce security policies in cloud-native environments using AWS or GCP, Kubernetes, and infrastructure-as-code tools like Terraform.
• • Conduct continuous evaluation of security postures, ensuring configurations, permissions, and network policies comply with industry best practices and internal standards.
• • Proactively anticipate emerging threats in AI and cloud infrastructure, translating insights into actionable security controls that scale with product growth.
• • Contribute to the evolution of ElevenLabs’ security program by documenting procedures, creating internal training materials, and improving automation for recurring security tasks.
• • Maintain deep knowledge of cloud security fundamentals including IAM, networking, PKI, and Linux internals to assess and harden system configurations.
• • Support audits and compliance initiatives by providing technical evidence and documentation for security controls, particularly in regulated environments.
• • Collaborate with global engineering teams to ensure security is integrated early and consistently, reinforcing a culture of shared responsibility for system integrity.
• • Monitor and respond to security alerts using automated detection systems, ensuring rapid containment and resolution of incidents without impeding developer velocity.
• • Advocate for secure development practices by influencing tooling choices, code reviews, and architectural decisions across multiple product teams.
• • Balance security rigor with developer experience, ensuring guardrails are effective without introducing unnecessary friction to deployment workflows.
• • Stay current with advancements in AI system security, including risks specific to training pipelines, model poisoning, and inference layer vulnerabilities.
• • Participate in incident response drills and post-mortems to refine detection mechanisms and improve resilience against future attacks.