
PointOne Verified
Information Technology & Services
Security Infrastructure Engineer
New York, New York, United States · Onsite · Full Time · $160,000–$220,000 /yr · Posted 2 months ago · Visa sponsorship available · Hidden Gem · YC Startup
Role summary
PointOne is seeking a senior Security Infrastructure Engineer to own the security, scalability, and cost efficiency of their AWS environment. This hands-on role involves hardening infrastructure, reducing attack surfaces, improving detection and response capabilities, and optimizing cloud architecture. The ideal candidate will have 5+ years of AWS experience, deep IAM and networking expertise, and a strong understanding of cloud security principles and incident response. Experience with IaC tools like CDK/Terraform and cloud cost optimization is essential. This is a critical role for an early-stage startup handling highly sensitive data, requiring strong ownership and the ability to build secure systems that customers can trust.
About PointOne
PointOne is reinventing how law firms operate. We build infrastructure for the legal industry, powering timekeeping and billing systems used by law firms and government agencies. We build and operate systems that process the most confidential data for institutions working on the most sensitive matters. Security for us is a strategic priority. We’re hiring a senior engineer to own the security, scalability, and cost efficiency of our AWS environment.
Our AI timekeeper helps attorneys capture billable time automatically and provides rich insights that transform how legal work is managed. We're a Tier 1 venture-backed startup (Y Combinator, Bessemer, 8VC, General Catalyst) made up of engineers (Google, Applied Intuition, Stanford) and ex-attorneys. Alongside a recent Series A round and rapid customer adoption, we're expanding our GTM team to keep up with overwhelming demand.
The Role
Let’s start with what this isn’t:
* Not a GRC or paperwork-heavy compliance role
* Not a vulnerability-scanning-only position
* Not a “turn on GuardDuty and call it done” role
You will be shaping critical systems and making architectural decisions that materially affect risk and resilience.
This is a hands-on engineering role at the intersection of security, cloud architecture, and platform optimization.
You will harden our AWS infrastructure, reduce blast radius, eliminate unnecessary exposure, and ensure our systems scale efficiently and securely.
What You’ll Own
**Infrastructure Security**
* Design and enforce least-privilege IAM across services
* Implement permission boundaries and SCP strategy
* Reduce attack surface across networking and service exposure
* Improve secrets management and KMS key segmentation
* Lead threat modeling across core systems
* Design blast-radius containment strategies
**Detection & Response**
* Strengthen logging, monitoring, and anomaly detection
* Ensure logs are immutable and auditable
* Build and test incident response playbooks
* Review new infrastructure designs for security risks
**Scale & Cost**
* Optimize AWS architecture for reliability and efficiency
* Improve Lambda/SQS concurrency and scaling patterns
* Evaluate and improve RDS scaling strategy
* Drive principled tradeoffs between isolation, performance, and cost
What We're Looking For
* 5+ years operating AWS infrastructure in production
* Deep IAM expertise (roles, policies, trust relationships, STS)
* Strong AWS networking knowledge (VPC, PrivateLink, Security Groups)
* Experience designing multi-account AWS environments
* Hands-on experience responding to real security incidents
* Strong understanding of cloud attack vectors and privilege escalation
* Experience reducing cloud cost without compromising security
* Comfortable working directly in CDK/Terraform and reviewing infrastructure code
**Strong plus:** Experience in legal, fintech, government, or other high-sensitivity environments.
Why This Role Matters
A security breach at PointOne would have consequences extending far beyond the survival of our company. This role exists to:
* Protect sensitive institutions
* Raise the engineering bar on secure system design
* Build infrastructure that enterprise and government customers can trust
You will be a core architect of PointOne’s long-term security posture.
This is intense early-stage startup work. You will be expected to take ownership, bring structure to ambiguity, and build the connective tissue between our customers and our product.
_The compensation for this position is determined by multiple factors, including prior experience and expertise. **A competitive equity component will also be offered as part of the package.** Benefits include comprehensive health, dental, and vision insurance, as well as meals in office, regular team events, and more!_