What you'd actually do

Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models

Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions

Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems

Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property

Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles

Skills

Required

8+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures
Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack
Experience implementing device trust, endpoint security, and hardware-backed identity solutions
Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns
Knowledge of email security, phishing mitigation, and session security controls
Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks
Familiarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patterns
Strong architectural mindset with the ability to design preventative, scalable security systems
Excellent communication skills and ability to influence security decisions across engineering and business teams

Nice to have

Experience implementing CASB platforms and enterprise DLP solutions at scale
Familiarity with Model Context Protocol (MCP) or similar AI orchestration frameworks
Experience building “Secure by Default” environments in high-growth organizations
Background in cloud-native or AI infrastructure environment.

Crusoe is on a mission to accelerate the abundance of energy and intelligence. As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster.

We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI.

We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services.

If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe.

About This Role

Crusoe is building the world’s favorite AI-first cloud infrastructure. We are seeking a Staff Corporate Security Engineer to act as the principal architect for our corporate security posture.

In this role, you will move beyond tactical tool management to design high-assurance, preventative systems that safeguard our identity perimeter, global network, and SaaS ecosystem. As a senior technical leader, you will build a “Secure by Default” environment where security is seamlessly embedded into the employee experience.

What You’ll Be Working On

Leading the design and implementation of Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) architectures, replacing legacy VPNs with identity-aware, perimeter-less access models
Architecting preventative SaaS security across platforms such as Google Workspace, Slack, and Okta, including CASB controls to enforce data protection and monitor unauthorized applications or extensions
Implementing Binary Authorization and device trust mechanisms, leveraging hardware-backed identity (e.g., TPM, Secure Enclave) to ensure only compliant devices can access corporate systems
Designing and tuning Data Loss Prevention (DLP) controls across endpoints and SaaS platforms to protect intellectual property
Strengthening email security posture, including MFA enforcement and session controls to mitigate phishing and session hijacking risks
Architecting AI-native security frameworks, including governance and secure gateways for agent-based systems (e.g., MCP), ensuring all AI-driven actions are auditable and aligned with zero-trust principles
Scaling identity and access management systems, including SSO, SAML, OAuth, SCIM, and designing Just-In-Time (JIT) access workflows to eliminate standing privileges
Defining and executing a “Crown Jewels” security methodology, identifying and remediating high-risk vulnerabilities (e.g., IDOR, role-bypass) across critical systems

What You’ll Bring to the Team

8+ years of experience designing and implementing Zero Trust, SASE, and modern identity-based security architectures
Strong expertise in SaaS security, including CASB, DLP, and governance across platforms like Google Workspace, Okta, and Slack
Experience implementing device trust, endpoint security, and hardware-backed identity solutions
Strong understanding of identity and access management systems (SSO, SAML 2.0, OAuth, SCIM) and secure access patterns
Knowledge of email security, phishing mitigation, and session security controls
Experience identifying and mitigating application-layer vulnerabilities such as IDOR and privilege escalation risks
Familiarity with emerging AI security challenges, including governance of agent-based systems and secure orchestration patterns
Strong architectural mindset with the ability to design preventative, scalable security systems
Excellent communication skills and ability to influence security decisions across engineering and business teams

Bonus Points

Experience implementing CASB platforms and enterprise DLP solutions at scale
Familiarity with Model Context Protocol (MCP) or similar AI orchestration frameworks
Experience building “Secure by Default” environments in high-growth organizations
Background in cloud-native or AI infrastructure environment.

Benefits:

Competitive compensation and equity packages
Restricted Stock Units
Paid time off, paid holidays & leave of absence programs
Comprehensive health, dental & vision insurance
Employer contributions to HSA account
Paid parental leave
Paid life insurance, short-term and long-term disability
Professional development & tuition reimbursement
Mental health & wellness support
Commuter benefits (parking & transit)
Cell phone stipend
401(k) Retirement plan with company match up to 4% of salary
Volunteer time off
Global travel insurance & emergency assistance
Daily meals allowance
Additional perks & programs specific to location

Compensation Range

Compensation will be paid in the range of up to $210,000 - $255,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.

Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation.