Security & Infrastructure Engineer

New York City, United StatesOn-site

You are nearing today's limit. Upgrade for unlimited access.

Responsibilities

WHAT YOU'LL OWN Infrastructure Security - Design and enforce least-privilege IAM across services - Implement permission boundaries and SCP strategy - Reduce attack surface across networking and service exposure - Improve secrets management and KMS key segmentation - Lead threat modeling across core systems - Design blast-radius containment strategies Detection & Response - Strengthen logging, monitoring, and anomaly detection - Ensure logs are immutable and auditable - Build and test incident response

We’re hiring a senior engineer to own the security, scalability, and cost efficiency of our AWS environment.
You will harden our AWS infrastructure, reduce blast radius, eliminate unnecessary exposure, and ensure our systems scale efficiently and securely.
Experience designing multi-account AWS environments - Hands-on
experience responding to real security incidents - Strong understanding of cloud attack vectors and privilege escalation -
Experience reducing cloud cost without compromising security - Comfortable working directly in CDK/Terraform and reviewing infrastructure code Strong plus:
Experience in legal, fintech, government, or other high-sensitivity environments.

The compensation for this position is determined by multiple factors, including prior
experience and expertise. A competitive equity component will also be offered as part of the package.
Benefits include comprehensive health, dental, and vision insurance, as well as meals in office, regular team events, and more!

ABOUT POINTONE PointOne builds infrastructure for the legal industry, powering timekeeping and billing systems used by law firms and government agencies.
We build and operate systems that process the most confidential data for institutions working on the most sensitive matters.
THE ROLE Let’s start with what this isn’t: - Not a GRC or paperwork-heavy compliance role - Not a vulnerability-scanning-only position - Not a “turn on GuardDuty and call it done” role You will be shaping critical systems and making architectural decisions that materially affect risk and resilience.
This is a hands-on engineering role at the intersection of security, cloud architecture, and platform optimization.
WHY THIS ROLE MATTERS A security breach at PointOne would have consequences extending far beyond the survival of our company.
This role exists to: - Protect sensitive institutions - Raise the engineering bar on secure system design - Build infrastructure that enterprise and government customers can trust You will be a core architect of PointOne’s long-term security posture.
You will be expected to take ownership, bring structure to ambiguity, and build the connective tissue between our customers and our product.