About this role
About Us:Modal provides the infrastructure foundation for AI teams. With instant GPU access, sub-second container startups, and native storage, Modal makes it simple to train models, run batch jobs, and serve low-latency inference. We have thousands of customers who rely on us for production AI workloads, including Lovable, Scale AI, Substack, and Suno.
We're a fast-growing team based out of NYC, SF, and Stockholm. We've hit 9-figure ARR and recently raised a Series B at a $1.1B valuation. Our investors include Lux Capital, Redpoint Ventures, Amplify Partners, and Elad Gil.
Working at Modal means joining one of the fastest-growing AI infrastructure organizations at an early stage, with many opportunities to grow within the company. Our team includes creators of popular open-source projects (e.g. Seaborn, Luigi), academic researchers, international olympiad medalists, and experienced engineering and product leaders with decades of experience.
The Role:We’re looking for an Infrastructure Security Engineer to design and secure the core systems that power our platform. This role focuses on building security directly into our infrastructure—from container isolation and orchestration to identity and secrets management in a multi-tenant, cloud-native environment.
You’ll work closely with engineering teams to define secure primitives and ensure our platform is resilient, scalable, and trustworthy by design.
This is a hands-on, deeply technical role focused on real systems, not compliance or policy.
What You'll Do:Platform & Runtime Security
Design and improve isolation mechanisms for multi-tenant workloads (containers, sandboxing, execution environments)
Strengthen boundaries between customers, workloads, and internal systems
Identify and mitigate risks in distributed, dynamic compute environments
Container & Orchestration Security
Secure and harden containerized workloads and orchestration systems (e.g., Kubernetes or similar)
Improve workload isolation, scheduling boundaries, and runtime protections
Evaluate tradeoffs in multi-tenant execution models
Identity & Access Management
Design and improve authentication and authorization systems across services
Implement strong service-to-service identity and least-privilege access patterns
Improve access controls across infrastructure and internal systems
Secrets & Key Management
Build and maintain systems for securely managing secrets, tokens, and credentials
Improve rotation, auditing, and access controls
Reduce secret sprawl and integrate secure patterns into developer workflows
Cloud & Infrastructure Security
Secure cloud environments across providers (AWS, GCP, etc.) with a focus on consistency and portability
Improve network boundaries, service segmentation, and access controls
Embed security into infrastructure-as-code and deployment systems
Engineering Partnership
Work closely with product and infrastructure teams to design secure systems from the ground up
Review architecture and code for security risks and provide actionable guidance
Identify patterns in risks and drive cross-cutting improvements
Requirements:Core Experience
Experience securing cloud-native infrastructure and distributed systems in production
Background in infrastructure, backend, or security engineering
Experience working in multi-tenant or high-scale environments
Technical Depth
Strong understanding of containerization and orchestration systems (e.g., Kubernetes or similar)
Experience designing or securing isolation mechanisms in multi-tenant systems
Solid understanding of authentication, authorization, and service identity models
Experience with secrets management and secure handling of credentials
Strong foundation in networking concepts (segmentation, service communication, access boundaries)
Mindset
Builder mentality, you design and implement, not just review
Pragmatic approach to security in fast-moving environments
Comfortable working deeply with engineers and influencing system design
Preferred Qualifications:Experience with sandboxing or runtime isolation technologies (e.g., gVisor, Firecracker, seccomp, or similar)
Familiarity with kernel-level or low-level isolation primitives
Experience securing Kubernetes or similar orchestration systems in production
Background in developer infrastructure, compute platforms, or multi-tenant systems