Infrastructure Security Engineer
About Us:
AI needs a new infrastructure layer. We're building it at Modal.
Every era of computing brought new workloads that previous infrastructure couldn't support: mainframes, databases, and the cloud. Each time, the company that rebuilt the layer underneath defined the decade. AI is no different, except it touches everything instead of one slice, and the window to build the layer underneath it is open right now.
Our customers include category-defining companies like Lovable, Ramp, Cognition, DoorDash, and Suno. They rely on Modal for instant GPU access, sub-second container starts, and native storage, so it's simple to serve low-latency inference, fine-tune models, and access production-ready sandboxes at scale.
We recently raised a $355M Series C at a $4.65B valuation, led by General Catalyst and Redpoint Ventures. We've crossed $300M+ ARR and grown fivefold since September.
Our team includes creators of popular open-source projects (e.g., Seaborn, Luigi), academic researchers, international olympiad medalists, and experienced engineering and product leaders with decades of experience.
The Role:
We’re looking for an Infrastructure Security Engineer to design and secure the core systems that power our platform. This role focuses on building security directly into our infrastructure—from container isolation and orchestration to identity and secrets management in a multi-tenant, cloud-native environment.
You’ll work closely with engineering teams to define secure primitives and ensure our platform is resilient, scalable, and trustworthy by design.
This is a hands-on, deeply technical role focused on real systems, not compliance or policy.
What You'll Do:
Platform & Runtime Security
Design and improve isolation mechanisms for multi-tenant workloads (containers, sandboxing, execution environments)
Strengthen boundaries between customers, workloads, and internal systems
Identify and mitigate risks in distributed, dynamic compute environments
Container & Orchestration Security
Secure and harden containerized workloads and orchestration systems (e.g., Kubernetes or similar)
Improve workload isolation, scheduling boundaries, and runtime protections
Evaluate tradeoffs in multi-tenant execution models
Identity & Access Management
Design and improve authentication and authorization systems across services
Implement strong service-to-service identity and least-privilege access patterns
Improve access controls across infrastructure and internal systems
Secrets & Key Management
Build and maintain systems for securely managing secrets, tokens, and credentials
Improve rotation, auditing, and access controls
Reduce secret sprawl and integrate secure patterns into developer workflows
Cloud & Infrastructure Security
Secure cloud environments across providers (AWS, GCP, etc.) with a focus on consistency and portability
Improve network boundaries, service segmentation, and access controls
Embed security into infrastructure-as-code and deployment systems
Engineering Partnership
Work closely with product and infrastructure teams to design secure systems from the ground up
Review architecture and code for security risks and provide actionable guidance
Identify patterns in risks and drive cross-cutting improvements
Requirements:
Core Experience
Experience securing cloud-native infrastructure and distributed systems in production
Background in infrastructure, backend, or security engineering
Experience working in multi-tenant or high-scale environments
Technical Depth
Strong understanding of containerization and orchestration systems (e.g., Kubernetes or similar)
Experience designing or securing isolation mechanisms in multi-tenant systems
Solid understanding of authentication, authorization, and service identity models
Experience with secrets management and secure handling of credentials
Strong foundation in networking concepts (segmentation, service communication, access boundaries)
Mindset
Builder mentality: you design and implement, not just review
Pragmatic approach to security in fast-moving environments
Comfortable working deeply with engineers and influencing system design
Preferred Qualifications:
Experience with sandboxing or runtime isolation technologies (e.g., gVisor, Firecracker, seccomp, or similar)
Familiarity with kernel-level or low-level isolation primitives
Experience securing Kubernetes or similar orchestration systems in production
Background in developer infrastructure, compute platforms, or multi-tenant systems