Information Security Engineer

About The Role:

What You’ll Do:

• Build and manage cyber security at Atomic Machines.
• Develop and implement a strategic vision for securing Atomic Machines’ assets, including IP, financial records, personal data, and physical infrastructure, while designing scalable security architectures for both cloud-native and on-prem systems.
• Conduct security risk assessments, threat modeling, and incident response, identifying vulnerabilities, implementing mitigations, and managing escalations as needed.
• Lead IT risk and compliance initiatives, implementing cybersecurity best practices (e.g., ISO 27001, NIST), conducting internal audits, assessing vendor security certifications, and reviewing contractual security requirements.
• Integrate security into CI/CD pipelines and Git-driven Infrastructure-as-Code (IaC) workflows to support secure software releases.
• Manage security across networking and infrastructure across engineering teams, including physical access control, on-prem servers, cloud services, CI/CD pipelines, and embedded systems, ensuring scalability and reliability.
• Develop and deliver formal and informal security training sessions to educate the engineering organization on best practices, risk mitigation strategies, and secure development principles.
• Partner with and manage external agencies and vendors when additional security coverage and support are needed.

What You’ll Need:

• 8 years of experience in Information Security, including at least 3 years in a management role.
• Experience managing all aspects of Information Security for a company, including Cyber Security, risk assessment, and incident response (startup experience preferred).
• Previous industry experience as a System Administrator, with hands-on knowledge of infrastructure management, user access controls, and system security best practices.
• Expertise in cloud security for modern AWS architectures, including IAM, security monitoring, logging, security configuration, and Infrastructure-as-Code (IaC).
• Proficiency in Infrastructure-as-Code (IaC) workflows (e.g., Terraform, Ansible, Git).
• Ability to enable secure cloud environments for production software releases using AWS services (e.g., EC2, Redshift, S3) and hybrid security solutions (e.g., Tailscale, WireGuard).
• Strong networking expertise across physical and virtual environments, including VLANs, firewalls, DNS, and secure access solutions.
• Experience balancing infrastructure automation, security, scalability, and developer productivity.
• Extensive hands-on experience with security tools and technologies, including SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
• High-level proficiency in SAML/SSO solutions and using hardware MFA keys.
• Experience developing and presenting cybersecurity training programs for employees.
• Knowledge of IT processes, risk, and control frameworks, including CoBIT, ISO 27001, NIST, ITIL, and PCI.
• Familiarity with security regulatory requirements and standards (e.g., SOC 1/2/3, SANS Top 20, NIST 800-53).
• Security certifications preferred (e.g., CISSP, CCSP, CISM, CSSP).
• Ability to explain complex security issues to both technical and non-technical audiences.
• Proven ability to work in fast-paced environments with minimal guidance.
• Flexibility to work daily in the Emeryville office and commute to Santa Clara as needed.
• BS in Computer Science, Cybersecurity, Information Security, or a related field preferred.

Salary Range

$175,000 - $235,000 USD