Shield AI Logo

Shield AI

Senior Staff Cybersecurity Engineer, Platform Security (R5219)

Posted 4 Days Ago
Be an Early Applicant
In-Office
San Diego, CA
160K-240K Annually
Senior level
In-Office
San Diego, CA
160K-240K Annually
Senior level
Lead design and implementation of secure-by-default infrastructure: build IaC modules, CI/CD templates, policy-as-code guardrails, and platform security tooling. Embed pipeline and supply-chain security, enforce least-privilege identity, operate defenses as self-service products, review high-risk designs, and set technical direction while mentoring engineers.
The summary above was generated by AI
Founded in 2015, Shield AI is a venture-backed defense-tech company with the mission of protecting service members and civilians with intelligent systems. Its products include Hivemind autonomy software and V-BAT and X-BAT aircraft. With offices and facilities across the U.S., Europe, the Middle East, and Asia-Pacific, Shield AI’s technology actively supports operations worldwide. For more information, visit www.shield.ai. Follow Shield AI on LinkedIn, X, Instagram, and YouTube. 

Job Description:

You'll be the senior technical owner for paved roads and secure-by-default engineering on the Security Engineering team. Your job is not to review and say no — it is to engineer the secure defaults, golden paths, and guardrails-as-code that make the secure way to build the easy way to build, across cloud, infrastructure, and CI/CD.

You will design, build, and operate the IaC modules, pipeline templates, internal libraries, and policy-as-code controls that the rest of the company consumes. You will engineer guardrails that block or flag the insecure path automatically, and replace recurring manual security work with durable mechanisms that don't depend on anyone remembering to do the right thing. As one of the most senior engineers on the team, you'll help shape and drive the technical direction for how secure-by-default works at Shield AI — partnering closely with a hands-on engineering lead — and raise the bar for everyone building on top of it.

This is a hands-on, build-heavy role. We are credible because we are technical — you'll read the code, the configs, the telemetry, and the architecture, and ship solutions durable enough to run without you.

What you'll do:

  • Build the secure defaults: Infrastructure-as-Code modules, CI/CD pipeline templates, internal libraries, and golden-path scaffolding that make the secure choice the easy choice.
  • Engineer guardrails as code — policy-as-code (OPA/Conftest), admission controllers, cloud guardrails (SCPs / org policy), and pre-commit and CI checks — so the insecure path is blocked or flagged automatically.
  • Own the platform security tooling that other teams consume, so they don't have to build their own; replace recurring manual work with durable, self-service mechanisms.
  • Embed security into the software and infrastructure supply chain: pipeline security, build/artifact integrity, dependency and container scanning, and secrets management.
  • Engineer workload and service identity controls (least privilege, short-lived credentials, federated trust) so zero-standing-privilege is real and observable.
  • Write and maintain production-quality code and infrastructure that backs these controls.
  • Partner with platform, infrastructure, and product engineering teams early — review high-blast-radius designs against the internal Security Engineering standard while the design can still change, and turn recurring findings into a missing paved road, not just another fix.
  • Set technical direction and standards for secure-by-default; document them so they can be applied without us, and mentor and raise the bar for other engineers.

Required qualifications:

  • Extensive experience in security engineering, platform/infrastructure engineering, DevSecOps, or a closely related field, with a track record of owning complex systems end-to-end.
  • Strong software engineering ability — you write, review, and ship production-quality code (any modern language) and treat infrastructure as software.
  • Hands-on experience building secure-by-default mechanisms: Infrastructure-as-Code, CI/CD pipeline security, and policy/guardrails as code.
  • Deep working knowledge of at least one major cloud provider and its security and identity model.
  • Demonstrated ability to design durable, automated solutions that reduce real risk without becoming a bottleneck — and to make explicit tradeoffs between security and the business.
  • Strong communication: you can explain a security concept to a product engineer in their language and to a leader in business terms, and you write recommendations people can act on.

Preferred qualifications:

  • Strong DevSecOps background with hands-on Kubernetes (admission control, OPA/Gatekeeper, workload identity) and Terraform (reusable secure modules, policy-as-code).
  • Production coding experience in Go, Python, and/or Rust; comfortable with scripting/automation in Bash and PowerShell.
  • Depth in Azure security and identity (Entra ID, Azure Policy, Management Group guardrails).
  • Experience securing AI/ML systems, pipelines, or workloads.
  • Offensive security / red team experience, with the ability to think like an attacker and translate those findings into stronger defaults and guardrails.
  • Experience with supply-chain security (SLSA, sigstore/cosign, SBOMs), container/image hardening, and secrets management.
  • Experience operating security tooling as an internal product consumed self-service by other engineering teams.
  • Bachelor's degree or equivalent professional certification and experience.

#LI-HM1
#LE

Full-time regular employee offer package:
Pay within range listed + Bonus + Benefits + Equity
 
Temporary employee offer package:
Pay within range listed above + temporary benefits package (applicable after 60 days of employment)
 
Salary compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. All offers are contingent on a cleared background and possible reference check. Military fellows and part-time employees are not eligible for benefits. Please speak to your talent acquisition representative for more information.
 
###
 
Shield AI is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know. 

Similar Jobs at Shield AI

4 Days Ago
In-Office
170K-240K Annually
Senior level
170K-240K Annually
Senior level
Aerospace • Artificial Intelligence • Machine Learning • Robotics • Software
Lead system-level verification and validation of aircraft software by designing realistic mission test scenarios, managing V&V events to verify flight readiness, writing Python test analyzers, producing coverage and release-readiness reports, and improving simulation and fault-injection capabilities.
Top Skills: C++Hardware EmulationPythonSimulation SoftwareTest Automation Frameworks
4 Days Ago
In-Office
95K-200K Annually
Senior level
95K-200K Annually
Senior level
Aerospace • Artificial Intelligence • Machine Learning • Robotics • Software
Design and build automated test capabilities for V-BAT: define and automate system-level test cases, implement interfaces/drivers for simulation and hardware, prototype and harden test solutions, and support release and flight test activities working with GNC and Embedded teams.
Top Skills: C++CmakeGitPoetryPython
4 Days Ago
In-Office
188K-281K Annually
Senior level
188K-281K Annually
Senior level
Aerospace • Artificial Intelligence • Machine Learning • Robotics • Software
Lead design and implementation of tactical autonomy behaviors for unmanned platforms. Develop, test, and deploy multi-agent coordination, motion/behavior planning, and survivability features across vehicles while owning end-to-end system lifecycle and collaborating with integration teams and end users.
Top Skills: AfsimC++Do-178CNgtsOmplOptimization SolversRos

What you need to know about the San Francisco Tech Scene

San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.

Key Facts About San Francisco Tech

  • Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Google, Apple, Salesforce, Meta
  • Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
  • Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
  • Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account