Principal Security Infrastructure Engineer

At Vast, our mission is to contribute to a future where billions of people are living and thriving in space. We are building artificial gravity space stations, allowing long-term stays in space without the adverse effects of zero-gravity. Our initial crewed space habitat will be Haven-1, scheduled to be the world’s first commercial space station when it launches into low earth orbit in May 2026. Our team is all-in , committed to executing our mission safely and on time. If you want to work with the most talented people on Earth furthering space exploration for humanity, come join us.

As a Principal Security Infrastructure Engineer, you will have the opportunity to build a modern IT infrastructure from the ground up. We build our systems cloud-first, with an emphasis on researching and deploying the latest technologies and paradigms. You will identify opportunities to improve and expand our IT infrastructure to enhance speed, security, and ease of use. You will have the opportunity to plan, build, test, deliver, and maintain projects from start to finish. Likewise, you will prioritize establishing our IT function to be an ally to enhance employee productivity while balancing security.

This will be a full-time, exempt position located in our Long Beach location.

Responsibilities:

• Architect and secure Kubernetes clusters on bare metal and cloud environments, emphasizing isolation, encryption, and policy enforcement.


• Develop and manage secure provisioning for bare metal systems, including DHCP, DNS, PXE/iPXE/ and Linux, with an emphasis on measured boot, secure boot, and hardware trust.


• Build and maintain security tooling and automation (Go, Python, Bash) for provisioning, monitoring, and continuous security validation across environments.


• Collaborate with data center operations, hardware, and networking teams to enforce physical security, network segmentation, and zero-trust principles.


• Manage infrastructure configuration using GitOps (Git, Flux, Terraform) with security scanning and policy-as-code controls.


• Establish monitoring and alerting pipelines to detect, investigate, and respond to security events in infrastructure and cloud systems.


• Maintain and improve system documentation, runbooks, and security procedures for consistent, auditable, and repeatable infrastructure operations.


• Conduct threat modeling and risk assessments on infrastructure components, driving remediation to reduce the attack surface.


• Support incident response activities, including containment, analysis, and post-incident improvements to infrastructure security.

Minimum Qualifications:

• 3+ years experience designing, deploying, and managing highly available self-hosted security services such as a SIEM


• Years of experience in building modern DevOps tools & best practices: CI/CD systems, deployment tools (CloudFormation, Terraform, Pulumi, etc.).


• Deep expertise with the cloud and Kubernetes.


• Understanding of networking/security/auth constructs and requirements.

Preferred Skills & Experience:

• Experience with Kubernetes security (RBAC, PodSecurity, admission controllers, policy enforcement, and runtime security tooling).


• Experience building and maintaining observability pipelines (Falco, eBPF, OSQuery, or similar tooling).


• Proficiency with Linux and Kubernetes bootstrapping with a focus on secure provisioning.


• Experience collaborating with facilities, hardware, or network teams to enforce physical and logical security in a data center environment.

Pay Range:

• Principal Security Infrastructure Engineer: $188,100 - $270,600

Salary Range: California

$188,100 - $270,600 USD

COMPENSATION AND BENEFITS

Base salary will vary depending on job-related knowledge, education, skills, experience, business needs, and market demand. Salary is just one component of our comprehensive compensation package. Full-time employees also receive company equity, as well as access to a full suite of compelling benefits and perks, including: 100% medical, dental, and vision coverage for employees and dependents, flexible paid time off for exempt staff and up to 10 days of vacation for non-exempt staff, paid parental leave, short and long-term disability insurance, life insurance, access to a 401(k) retirement plan, One Medical membership, ClassPass credits, personalized mental healthcare through Spring Health, and other discounts and perks. We also take pride in offering exceptional food perks, with snacks, drip coffee, cold drinks, and dinner meals remaining free of charge, and lunch subsidized as part of Vast’s ongoing commitment to providing high-quality meals for employees.

U.S. EXPORT CONTROL COMPLIANCE STATUS

The person hired will have access to information and items subject to U.S. export controls, and therefore, must either be a “U.S. person” as defined by 22 C.F.R. § 120.62 or otherwise eligible for deemed export licensing. This status includes U.S. citizens, U.S. nationals, lawful permanent residents (green card holders), and asylees and refugees with such status granted, not pending.

EQUAL OPPORTUNITY

Vast is an Equal Opportunity Employer; employment with Vast is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.