Staff Infrastructure Security Engineer (Vault)

Crusoe's mission is to accelerate the abundance of energy and intelligence. We’re crafting the engine that powers a world where people can create ambitiously with AI — without sacrificing scale, speed, or sustainability.Be a part of the AI revolution with sustainable technology at Crusoe. Here, you'll drive meaningful innovation, make a tangible impact, and join a team that’s setting the pace for responsible, transformative cloud infrastructure.About This RoleWe’re seeking a Staff Infrastructure Security Engineer to architect and operationalize the foundational security services that enable our transition to a Zero Trust model. This is a highly strategic role focused on establishing the organization’s “roots of trust,” with immediate ownership of our enterprise HashiCorp Vault platform, from Proof of Concept through global production readiness.You’ll serve as the subject matter expert for secrets management and identity architecture, while designing scalable, self-service trust patterns across our hybrid, multi-cloud environment. Over time, this role will shape our long-term credentials management strategy and how engineering teams securely interact with core infrastructure.What You’ll Be Working OnArchitecting a highly available, disaster-resilient, multi-cluster secrets management platform as the foundation of our Zero Trust strategyDriving Vault from PoC to enterprise-grade production, establishing standards, reliability, and scalabilityLeading cross-functional alignment with Cloud Engineering, DevOps, and SRE teams on secure secret management workflows embedded into the SDLCDesigning and enforcing governance controls to meet internal policies and external compliance requirements (e.g., SOX, ISO 27001)Implementing Policy as Code using Sentinel to automate guardrails and access decisionsEngineering Vault infrastructure using Terraform with fully automated, reproducible, and version-controlled deploymentsArchitecting integrations between Vault, identity providers (e.g., Okta), and workload identities (e.g., Kubernetes Service Accounts)Configuring and tuning core Vault secrets engines (KV, Transit, KMIP) and Enterprise features such as performance replication and automated sealingOperationalizing “Vault as a Service” through paved-road onboarding, self-service workflows, and clear developer documentationBuilding observability across the platform, including monitoring, alerting, audit logging, and usage insightsWhat You’ll Bring to the Team8+ years of hands-on experience in cloud security, DevOps, or infrastructure engineeringDeep, production-grade experience deploying and operating HashiCorp Vault in enterprise environments (Enterprise edition strongly preferred)Expert knowledge of secrets management, cryptography, PKI/X.509 certificate authorities, and trust systemsStrong experience with Google Cloud Platform (GCP) and cloud-native IAM modelsProven expertise using Infrastructure-as-Code tools (Terraform) to automate security platformsHands-on experience with Kubernetes and securely integrating secrets into microservices architecturesFluency in at least one programming language (Go or Python preferred) for automation and toolingStrong understanding of network security fundamentals, including segmentation, firewalls, routing, and Zero Trust conceptsBonus PointsExperience building internal “security platforms” or Vault-as-a-Service offeringsPrior ownership of enterprise-wide identity or credential lifecycle programsExperience operating Vault across hybrid or multi-cloud environmentsFamiliarity with advanced Vault governance patterns and large-scale developer onboardingBenefits:Industry competitive payRestricted Stock Units in a fast growing, well-funded technology companyHealth insurance package options that include HDHP and PPO, vision, and dental for you and your dependentsEmployer contributions to HSA accountsPaid Parental LeavePaid life insurance, short-term and long-term disabilityTeladoc401(k) with a 100% match up to 4% of ... (truncated, view full listing at source)