Information Security Engineer, Bare Metal

Information Security Engineer, Bare Metal(Direct Hire)

San Francisco, CA or New York, NY or Austin, TX 

Annual Salary Range: $150,000 - $250,000. Individual salaries are based on education, geographic location, and alignment to the market data. 

Job Requisition: 7552

Description for Information Security Engineer:

The Bare Metal Security Engineer is responsible for securing and hardening an organization’s physical server fleet throughout its entire lifecycle, from initial provisioning to decommissioning. This role focuses on building and maintaining hardened Linux base images, enforcing strong security controls on Baseboard Management Controllers (BMCs), and ensuring the surrounding network is properly segmented and protected. The engineer implements secure storage and encryption practices, develops automation to enforce security at scale, and continuously monitors infrastructure for vulnerabilities or threats. They also participate in incident response for hardware- and infrastructure-level security events and conduct regular security audits to identify and address risks in new or existing systems. 

Responsibilities for Information Security Engineer:

• Oversee security across the entire lifecycle of physical servers, including initial setup, configuration hardening, ongoing maintenance, and end-of-life processes.
• Develop and maintain secure, hardened operating system images (Linux) for production and development environments, including automated patching and vulnerability scanning.
• Strengthen and manage security controls for Baseboard Management Controllers (BMCs), including access policies, credential handling, logging, and firmware integrity.
• Partners with network engineering teams to design secure network architectures, implement segmentation, and support IDS/IPS and firewall enforcement for bare metal systems.
• Implement robust security measures for storage platforms, including encryption for data at rest, secure key management, and protected access mechanisms.
• Create and maintain automation tooling to ensure consistent security configurations and enforcement across large-scale hardware deployments.
• Configure, operate, and improve security monitoring for physical infrastructure, and participate in incident response for critical infrastructure-related security events.
• Conduct recurring security reviews, assessments, and threat modeling for new hardware designs and infrastructure changes.

Requirements for Information Security Engineer:

• 7+ years of experience in information security or infrastructure engineering with a focus on physical server environments.
• Expertise in Linux security and hardening, including kernel-level security, SELinux, AppArmor, and secure image creation.
• Hands-on experience with Baseboard Management Controllers (BMCs), including firmware management, access control, and logging.
• Strong understanding of network security principles, including TCP/IP, firewall rules, segmentation, and zero-trust concepts.
• Experience implementing encryption technologies for storage, including disk-level and hardware-level encryption.
• Proficiency in automation and scripting (Python, Go, Rust, or similar) and configuration management tools (Ansible, Puppet, Chef).
• Familiarity with hardware security modules (HSMs), trusted platform modules (TPM), and other hardware security concepts.
• Experience conducting security audits, vulnerability assessments, and threat modeling for physical infrastructure.
• Strong problem-solving, documentation, and communication skills, with the ability to work across engineering teams.

Nice to have experience for Information Security Engineer:

• Relevant industry certifications such as CISSP, Security+, GSEC, or equivalent.
• Experience in a regulated or high-growth technology environment.
• Familiarity with compliance frameworks like SOC 2, ISO 27001, NIST 800-53 and FedRAMP.
• Experience securing a mixed environment (macOS, Windows, Linux).
• Scripting proficiency (e.g., Python, PowerShell, Bash) to automate security tasks.

Benefitsfor Information Security Engineer: 

• Competitive total compensation package (salary + equity).
• Retirement or pension plan, in line with local norms.
• Health, dental, and vision insurance.
• Generous PTO policy, in line with local norms.