Senior Infrastructure Engineer (Cloud Security)

Role Overview

Join Rocket Money’s Cloud Infrastructure team as a Senior Infrastructure Engineer (Cloud Security). You will lead the security evolution of the platform by owning the cloud security posture while partnering with internal teams and contributing to day-to-day infrastructure engineering.

Key Missions

• Evolve AWS account strategy, including VPC design and workload segmentation as the infrastructure footprint grows
• Own firewalls and edge security strategy across the cloud footprint
• Enhance IaC security scanning and security controls within infrastructure workflows
• Contribute to day-to-day Cloud Infrastructure work, including Terraform reviews and platform backlog items

Responsibilities

• Own cloud infrastructure security posture and drive improvements over time
• Partner with InfoSec, IT, and parent-company security functions
• Define and deliver cloud security migrations/modernization initiatives

Requirements

• 6+ years hands-on cloud engineering experience with substantial cloud security experience in production (e.g., IAM, network architecture, blast-radius reduction, vulnerability management)
• Deep experience in at least one major cloud (AWS preferred, GCP acceptable) including:
  • account strategy
  • network design
  • least-privilege IAM
• Experience evaluating SIEM approaches (vendor-hosted, self-operated, or hybrid)
• Ability to treat detection as a product and consolidate vulnerability/misconfiguration efforts when tools produce more noise than signal
• Strong view on secure defaults and paved roads (low-friction compliance)
• Production security understanding of LLMs/agents/AI-enabled developer tooling and how to set a safe adoption bar
• Strong Terraform skills, including:
  • production-level fluency
  • authoring custom IaC security scanning rules
  • pinning module versions
  • hardening CI/CD pipelines
• Experience translating compliance frameworks (SOC 2, PCI-DSS, GLBA) into engineering controls without creating friction

Nice-to-Haves

• Hands-on experience securing production AI/ML systems (e.g., prompt injection defenses, agent sandboxing, model supply chain risk)
• Building/open-sourcing internal security tooling, libraries, or scanning rules
• Led a cloud security migration/modernization project defining vision, approach, and implementation

Location / Work Model

• Full remote (role mentions Washington, US as the location)