Senior Security Engineer
Santa Clara, California
Production Manufacturing – IT & Security / Full-time / On-site
Atomic Machines is ushering in a new era in micromanufacturing with its Matter Compiler (MC) technology. The MC enables new classes of micromachines to be designed and built by offering manufacturing processes and a materials library that are inaccessible to semiconductor manufacturing methods. The MC promises to unlock MEMS manufacturing, both for the many device classes that could never be made by semiconductor methods and for entirely new classes. Furthermore, the MC is fully digital in the way 3D printing is digital, but where 3D printing produces parts of a single material using a single process, the MC is a multi-process, multi-material technology: bits and raw materials go in and complete, functional micromachines come out. The Atomic Machines team has also created an exciting first device – one that was only made possible by the existence of the Matter Compiler – that we will be unveiling to the world soon.
Our offices are in Emeryville and Santa Clara, California.
About the role:
We’re looking for a Senior Security Engineer to help embed scalable, proactive security into everything we build — from our AWS infrastructure to our CI/CD pipelines. This isn’t a maintenance role — it’s hands-on, strategic, and a critical opportunity to shape how security operates across our engineering environment.
You’ll work cross-functionally with our cloud, infrastructure, and development teams to make security a first-class citizen — not a bolt-on. Your efforts will directly impact how we protect our intellectual property, meet compliance goals, and build fast without sacrificing safety.
This is a foundational role with clear room to grow — whether into deeper architectural leadership or broader cross-functional ownership. We’re a small, high-impact team, and the security practices you help establish will scale with us.
Why does this role matter so much? Because without a strong security partner, we face real risks — from compliance delays to potential vulnerabilities in our stack. That’s why we’re looking for someone who’s both technically strong and driven to think a few steps ahead.
If you’re excited about securing hybrid cloud/on-premises infrastructure, automating guardrails into CI/CD, and helping engineers ship safer code, we’d love to meet you.
This position is based in our Santa Clara office, with occasional visits to Emeryville as needed.
What You'll Do:
- Cloud & Infrastructure Security (AWS):
  - Secure cloud infrastructure using services like IAM, VPC, CloudTrail, GuardDuty, and AWS Config.
  - Manage infrastructure as code using Terraform or CloudFormation with a security-first mindset.
  - Monitor for misconfigurations and enforce least-privilege access patterns.
- CI/CD and DevSecOps Enablement:
  - Harden GitLab CI/CD pipelines using SAST, DAST, and SCA tools.
  - Automate security gates, compliance checks, and merge requirements.
  - Embed security testing into development workflows to “shift left.”
- Threat & Vulnerability Management:
  - Integrate tools like Rapid7 and Snyk into CI/CD and runtime environments.
  - Triage and drive vulnerability remediation with engineering and IT teams.
  - Use Jira or similar systems to track issues through resolution.
- Secrets Management & IAM:
  - Use Vault, AWS Secrets Manager, or equivalent for secrets handling.
  - Implement IAM policies using least privilege and policy-as-code approaches.
  - Rotate, audit, and monitor credentials across services and environments.
- Developer Education & Enablement:
  - Guide engineers on secure coding practices and pipeline hygiene.
  - Build internal tooling, playbooks, and documentation to scale best practices.
  - Promote a DevSecOps culture through education and automation.
What You'll Need:
- A first-principles mindset — You question assumptions, break problems down to fundamentals, and prefer root-cause solutions over pattern-matching.
- 6–10 years of experience in security engineering, DevSecOps, or infrastructure security.
- Deep hands-on experience with AWS security services, including IAM, VPC, CloudTrail, GuardDuty, and Config.
- Proven ability to secure and optimize GitLab CI/CD pipelines.
- Proficiency with Terraform or CloudFormation and a security-first IaC mindset.
- Strong scripting skills in Python, Bash, or Go.
- Experience with secrets management tools like Vault or AWS Secrets Manager.
- A track record of collaborating with engineers to remediate vulnerabilities and enforce security standards.
- Familiarity with compliance frameworks like SOC 2, ISO 27001, or NIST.
- Certifications like AWS Security Specialty, CISSP, OSCP, or GIAC.
- Experience with SBOM generation, GitOps, or supply chain security.
Bonus Points For:
- Background working in IP-sensitive environments (e.g., biotech, advanced manufacturing, R&D-heavy orgs).
- Contributions to open source security projects or tooling.
ITAR Notice:
- This position may require access to technical data controlled under the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). As such, applicants must be U.S. citizens, lawful permanent residents, or protected individuals as defined by 8 U.S.C. 1324b(a)(3).
$155,000 - $175,000 a year
The compensation for this position also includes equity and benefits.