Security Infrastructure Engineer

Security Infrastructure Engineer About PointOne PointOne builds infrastructure for the legal industry, powering timekeeping and billing systems used by law firms and government agencies. We build and operate systems that process the most confidential data for institutions working on the most sensitive matters. Security for us is a strategic priority. We’re hiring a senior engineer to own the security, scalability, and cost efficiency of our AWS environment. The Role Let’s start with what this isn’t: - Not a GRC or paperwork-heavy compliance role - Not a vulnerability-scanning-only position - Not a “turn on GuardDuty and call it done” role You will be shaping critical systems and making architectural decisions that materially affect risk and resilience. This is a hands-on engineering role at the intersection of security, cloud architecture, and platform optimization. You will harden our AWS infrastructure, reduce blast radius, eliminate unnecessary exposure, and ensure our systems scale efficiently and securely. What You'll Own Infrastructure Security - Design and enforce least-privilege IAM across services - Implement permission boundaries and SCP strategy - Reduce attack surface across networking and service exposure - Improve secrets management and KMS key segmentation - Lead threat modeling across core systems - Design blast-radius containment strategies Detection & Response - Strengthen logging, monitoring, and anomaly detection - Ensure logs are immutable and auditable - Build and test incident response playbooks - Review new infrastructure designs for security risks Scale & Cost - Optimize AWS architecture for reliability and efficiency - Improve Lambda/SQS concurrency and scaling patterns - Evaluate and improve RDS scaling strategy - Drive principled tradeoffs between isolation, performance, and cost What We're Looking For - 5+ years operating AWS infrastructure in production - Deep IAM expertise (roles, policies, trust relationships, STS) - Strong AWS networking knowledge (VPC, PrivateLink, Security Groups) - Experience designing multi-account AWS environments - Hands-on experience responding to real security incidents - Strong understanding of cloud attack vectors and privilege escalation - Experience reducing cloud cost without compromising security - Comfortable working directly in CDK/Terraform and reviewing infrastructure code Strong plus: Experience in legal, fintech, government, or other high-sensitivity environments. Why This Role Matters A security breach at PointOne would have consequences extending far beyond the survival of our company. This role exists to: - Protect sensitive institutions - Raise the engineering bar on secure system design - Build infrastructure that enterprise and government customers can trust You will be a core architect of PointOne’s long-term security posture. This is intense early-stage startup work. You will be expected to take ownership, bring structure to ambiguity, and build the connective tissue between our customers and our product. The compensation for this position is determined by multiple factors, including prior experience and expertise. A competitive equity component will also be offered as part of the package. Benefits include comprehensive health, dental, and vision insurance, as well as meals in office, regular team events, and more!