Traversal

Infrastructure & Application Security Engineer

New York, NY | $200,000 - $350,000 a year | Full Time
Senior Level | Devops Engineer
Job Description

About Traversal

Traversal is the AI Site Reliability Engineer (SRE) for the enterprise—already trusted by some of the largest companies in the world to troubleshoot, remediate, and even prevent the most complex production incidents. Our mission is to free engineers from endless firefighting and enable them to focus on creative, high-impact work.

Our roots remain deeply embedded in AI research, and we’re channeling that scientific rigor and creativity into building the premier AI agent lab for the enterprise. Hence, what we’re proudest of is assembling the most talented yet nicest group of individuals, from researchers from MIT, Harvard, and Berkeley to world-class engineers from industry (Citadel Securities, Cockroach Labs, Datadog, DE Shaw, ServiceNow, Glean, Perplexity, Pinecone, and more), to take on one of the hardest problems for AI to solve. Without the entire team, none of this would be possible.

The Role

We’re hiring an Infrastructure & Application Security Engineer who likes security, loves Kubernetes, and is excited to be a high-performing generalist. You will lead security work across our cloud platform and Python services, building guardrails that are automated, measurable, and low-friction for engineers.

This is a hands-on role at the intersection of:

Deep Kubernetes security and platform primitives

Service-to-service security in a modern cluster, including Istio Ambient (Istio “ambient mode”)

Application security for Python APIs in a multi-tenant Software-as-a-Service (SaaS) environment

In this role, you’ll set direction, define standards, and build scalable mechanisms—while still writing and shipping code.

What You’ll Do

Kubernetes security and guardrails: Define and enforce baseline controls across clusters (for example, Role-Based Access Control (RBAC), Pod Security Standards alignment, network segmentation, admission controls and policy-as-code).

Service-to-service security with Istio Ambient: Partner with platform teams to harden service-to-service communication, adopt secure defaults, and implement policies that are debuggable and safe to roll out incrementally.

Application security for Python services: Own security standards for Python web services (for example, FastAPI), including authentication, authorization, session management, secure input handling, safe error patterns, and abuse protections (rate limiting and throttling).

Multi-tenant security: Define authorization invariants that prevent cross-tenant access, standardize tenant-scoped data access patterns, and build regression tests and tooling that continuously validate isolation.

Secrets governance: Standardize secrets storage and delivery patterns across workloads, including rotation and auditable access.

Secure delivery pipelines: Secure GitOps and Continuous Integration / Continuous Delivery (CI/CD) workflows with preventative controls, policy checks, and scanning for Kubernetes configuration, Infrastructure as Code (IaC), and dependencies.

Threat modeling and enablement: Lead threat modeling for new features and integrations; translate findings into paved-road patterns, documentation, and engineering work that scales across teams.

Operational readiness: Improve incident response readiness and post-incident follow-through by turning lessons learned into durable guardrails, tests, and metrics.

What We’re Looking For

Deep, production Kubernetes security experience, including RBAC, workload hardening, network policies/segmentation, and enforcement mechanisms (admission control and/or policy-as-code).

Strong Python application security experience with web services and APIs, including robust authentication and authorization design.

Strong cloud security fundamentals in Amazon Web Services (AWS) (Identity and Access Management (IAM), encryption concepts, segmentation, least privilege).

Demonstrated ability to ship automated guardrails (not just reviews): controls that are enforceable, measurable, and paired with pragmatic rollout and exception workflows.

Operating traits: high ownership, strong cross-functional influence, clear written communication, and the ability to prioritize security work that meaningfully reduces risk while preserving developer velocity.

A generalist mindset: you are comfortable moving between Kubernetes/platform layers, CI/CD, and Python services as needed.

Compensation

We offer competitive compensation, startup equity, health insurance, and additional benefits. The U.S. base salary range for this full-time, in-person role in New York is $200,000 - $350,000, plus equity and benefits. Our salary ranges are based on location, level, and role. Individual compensation is determined by experience, skills, and job-related knowledge.

Why You Should Join Us

We’ll make sure you’re fully supported with health insurance, a great tech setup, flexible time off, and plenty of in-office snacks. We offer competitive salary and equity packages, and take thoughtful consideration with every hire on our small, high-impact team.

Traversal is fully in-office, 5 days a week, based in New York near Madison Square Park. We have a collaborative, hard-working culture and are energized by building the future of AI-powered software maintenance.

Working here means owning meaningful parts of the product, having the flexibility to move fast, and learning constantly. This is a place to grow your career, make a real impact, and help define a new category of infrastructure software.