Security/DevSecOps Engineer

About Turing

Based in San Francisco, California, Turing is the world's leading research accelerator for frontier AI labs and a trusted partner for global enterprises looking to deploy advanced AI systems. Turing accelerates frontier research with high-quality data, specialized talent, and training pipelines that advance thinking, reasoning, coding, multimodality, and STEM. For enterprises, Turing builds proprietary intelligence systems that integrate AI into mission-critical workflows, unlock transformative outcomes, and drive lasting competitive advantage.

Recognized by Forbes, The Information, and Fast Company among the world's top innovators, Turing's leadership team includes AI technologists from Meta, Google, Microsoft, Apple, Amazon, McKinsey, Bain, Stanford, Caltech, and MIT. Learn more at 

About the Role

We are seeking a highly motivated and experienced Security / DevSecOps Engineer focused on cloud infrastructure security, monitoring, and threat detection. This role is critical for ensuring the security and compliance of our cloud environment by actively identifying, analyzing, and responding to security threats, as well as designing and operating automated security controls within Google Cloud Platform (GCP).

What You'll Work On

Infrastructure & Platform Security

• Design, implement, and operate automated patch pipelines (e.g., OS Config/Patch Jobs) for Linux/Windows across GCE and GKE nodes for all cloud infrastructure components.
• Define hardened images and golden baselines (OS, container, Kubernetes, network) and enforce via IaC, org policies, and policy-as-code.
• Maintain and audit secure infrastructure configurations (including network security, identity, and access management) based on security best practices and compliance requirements.
• Secure Infrastructure-as-Code (IaC) pipelines and repositories, ensuring security is built-in from the development stage.
• Integrate security controls and testing into CI/CD pipelines to prevent the deployment of vulnerable code or insecure configurations.
• Ensure continuous adherence to internal security benchmarks and external regulatory frameworks.
• Standardize secret management (GCP Secret Manager/KMS), rotation, and break-glass access.
• Implement least-privilege IAM, service accounts/workload identities, and VPC Service Controls where appropriate.
• Collaborate with engineering teams to provide security guidance and ensure new infrastructure deployments meet security standards.

Monitoring, Detection & Incident Response

• Deploy, configure, and continuously tune cloud-native and third-party Intrusion Detection Systems (IDS), specifically Google Cloud IDS, to maximize threat detection efficacy and minimize false positives.
• Proactively monitor security dashboards, logs, and alerts for threats, anomalies, and suspicious activity across our cloud infrastructure.
• Manage and harden network security configurations, including VPC Service Controls, firewall rules, and security groups in GCP, using infrastructure-as-code principles.
• Provide hands-on support for security incident response activities, including initial triage, containment, eradication, and post-incident analysis.
• Ensure the robustness, automation, and regular validation of backup and disaster recovery processes to meet business continuity requirements.
• Develop and maintain automated monitoring and alerting systems to ensure high availability and performance of security tools and critical infrastructure.
• Maintain documentation for all security operational procedures, runbooks, and configurations.

Vulnerability & Compliance

• Support the vulnerability management program by triaging, prioritizing, and coordinating the remediation of infrastructure-related vulnerabilities across GCP.
• Support compliance activities related to internal security standards and external frameworks as required.

What We're Looking For

• 5+ years in cloud or infrastructure security engineering, security operations, or a similar role.
• 3+ years hands-on with Google Cloud Platform (GCP).
• Demonstrable experience securing cloud environments, with a strong preference for GCP.
• Expertise in Infrastructure-as-Code (IaC) tools such as Terraform or Cloud Deployment Manager.
• Strong practical experience with CI/CD tools (e.g., Jenkins, GitHub, Cloud Build) and integrating security testing into these pipelines.
• Proficiency in scripting or programming (e.g., Python, Go, Shell) for automation of security tasks and workflows.
• Deep understanding of core infrastructure security concepts, including patch management, vulnerability assessment, and backup/recovery procedures.
• Strong understanding of network security principles, including firewalls, load balancers, and segmentation in a cloud environment.
• Demonstrated ability to perform security event analysis, triage, and incident response.

Bonus Points

• Relevant industry certifications (e.g., Google Cloud Professional Cloud Security Engineer, CISSP, CCSP).
• Experience with automated configuration management tools like Ansible, Chef, or Puppet.
• Familiarity with security frameworks (e.g., NIST, ISO 27001, CIS Benchmarks).
• Experience with container security (Docker, Kubernetes/GKE).
• Advanced GCP controls: Organization Policies, VPC Service Controls, Access Context Manager, Binary Authorization.
• Experience with SIEM or observability tools; building infra-security detections and dashboards.

• We are client first: We put our clients at the center of everything we do, because their success is the ultimate measure of our value.
• We work at Start-Up Speed: We move fast, stay agile and favor action because momentum is the foundation of perfection
• We are Al forward: We help our clients build the future of Al and implement it in our own roles and workflow to amplify productivity.

• Amazing work culture (Super collaborative & supportive work environment; 5 days a week)
• Awesome colleagues (Surround yourself with top talent from Meta, Google, LinkedIn etc. as well as people with deep startup experience)
• Competitive compensation
• Flexible working hours

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. Turing is proud to be an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, disability, protected veteran status, or any other legally protected characteristics. At Turing we are dedicated to building a diverse, inclusive and authentic workplace  and celebrate authenticity, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

For applicants from the European Union, please review Turing's GDPR notice here.