Information Security Engineer, Bare Metal

ABOUT FLUIDSTACK

At Fluidstack, we build the compute, data centers, and power that will fuel artificial superintelligence. We supply GWs of compute capabilities to the world’s biggest AI Labs at industry-defining speeds.

Our team is small, fast, and obsessed with quality. We own outcomes end-to-end, challenge assumptions, and treat our customers' problems as our own. No task is beneath anyone here.

There are a few thousand people who will shape the trajectory of superintelligence. Come and be one of them.

About the Role

Frontier AI runs on bare metal — and the bare metal it runs on has to be trustworthy from the silicon up. As Fluidstack's Information Security Engineer for Bare Metal, you'll own the security of the physical fleet powering some of the most important AI workloads in the world. This is a deeply technical, hands-on role for an engineer who thinks in firmware, kernels, and packet flows, and who wants the rare opportunity to design fleet-wide security controls from a clean slate rather than inherit someone else's compromises.

You'll work at the intersection of hardware, operating systems, and network security in an environment where performance margins are thin, customer trust is paramount, and the threat model includes nation-state-level adversaries. The systems you build will protect tens of thousands of GPUs and the workloads of customers whose models will shape the next decade of computing.

What You’ll Own

• Fleet lifecycle security. End-to-end security for every server in our bare metal fleet — from supply chain and provisioning through hardening, operation, and secure decommissioning.
• Hardened OS images. Design and maintain the golden images that run our production and development environments, including automated vulnerability scanning, patch pipelines, and configuration drift detection.
• BMC security. Define and enforce the security model for baseboard management controllers: access control, credential rotation, audit logging, and firmware integrity. BMCs are one of the most under-defended surfaces in the industry; you'll make ours the exception.
• Network security. Partner with network engineering on micro-segmentation, IDS/IPS, and firewall architecture for the bare metal environment, with zero-trust principles applied from the ToR up.
• Storage and data protection. Implement data-at-rest encryption, key management, and secure access for local and networked storage at fleet scale.
• Security automation. Build the tooling that makes secure-by-default the path of least resistance: configuration management, policy-as-code, and continuous compliance checks across the fleet.
• Detection and response. Integrate monitoring tailored to bare metal infrastructure and act as a responder for incidents touching the physical fleet.
• Threat modeling and review. Lead security reviews and threat modeling for new hardware platforms, network designs, and infrastructure changes — shaping decisions before they're locked in.

About You

• 7+ years of experience in an Information Security or Infrastructure Engineering role, with a strong focus on bare metal, IaaS, or high-scale cloud infrastructure.
• Deep practical experience with Linux operating system hardening (e.g., SELinux, AppArmor, kernel-level security).
• Expert-level knowledge of network security principles, including TCP/IP, VPNs, firewall rulesets, and zero-trust concepts.
• Proven ability to implement and manage encryption technologies, including disk-level encryption (e.g., LUKS) and hardware-level encryption.
• Strong scripting and automation skills in languages such as Python, Go, or Rust, and experience with configuration management tools (e.g., Ansible, Puppet, Chef).
• Understanding of hardware security modules (HSMs) and trusted computing concepts (e.g., TPM/TXT).
• Excellent problem-solving and communication skills, with the ability to work collaboratively across engineering teams.

Nice to Haves

• Experience with specific BMC platforms (e.g., OpenBMC, Dell iDRAC, HPE iLO).
• Familiarity with compliance standards relevant to bare metal environments (e.g., SOC 2, ISO 27001, FedRAMP).
• Experience with hardware-level root of trust and secure boot implementations.
• Relevant security certifications (e.g., CISSP, OSCP, CEH).

SALARY & BENEFITS

• Competitive total compensation package (salary + equity).
• Retirement or pension plan, in line with local norms.
• Health, dental, and vision insurance.
• Generous PTO policy, in line with local norms.

The base salary range for this position is $230,000 - $310,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.

We are committed to pay equity and transparency.

Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email, please email careers@fluidstack.io with your resume/CV, the role you've applied for, and the date you submitted your application-- someone from our recruiting team will be in touch.