Security Engineer
Company: Etched
Location: San Jose
Posted on: April 1, 2026
|
|
|
Job Description:
About Etched Etched is building the world’s first AI inference
system purpose-built for transformers - delivering over 10x higher
performance and dramatically lower cost and latency than a B200.
With Etched ASICs, you can build products that would be impossible
with GPUs, like real-time video generation models and extremely
deep & parallel chain-of-thought reasoning agents. Backed by
hundreds of millions from top-tier investors and staffed by leading
engineers, Etched is redefining the infrastructure layer for the
fastest growing industry in history. Job Summary At Etched,
building and maintaining a secure yet friction-free computing
environment is central to our mission. As a Security Engineer, you
will protect the networks, systems, and applications that enable
our engineers to push the limits of AI hardware. You will design,
implement, and operate the monitoring, detection, and response
infrastructure that safeguards Etched’s intellectual property,
high-performance compute clusters, and developer workflows across
both on-prem and cloud environments. You will partner with
infrastructure, IT, application, and external provider teams to
build systems that are secure by design, resilient under pressure,
and seamless and easy to use for the end users. This role combines
hands-on technical depth with a focus on scalability and
automation. You will take ownership of Etched’s security posture
across infrastructure, IT, and applications, driving proactive
threat detection, real-time monitoring, and rapid incident
response. Your decisions will always balance maintaining full
firm-wide velocity while improving our security and defense
posture. You will develop tools, automation, and workflows that
evolve with our rapidly growing and expanding footprint and ensure
that security enhances, rather than hinders, innovation. If you are
motivated by precision, ownership, and impact, you will find Etched
the ideal place to advance your craft and contribute to the future
of AI computing. Key Responsibilities Manage and harden security
baselines across on-prem, hybrid, and cloud systems, ensuring
strong protection while maintaining speed and usability. Integrate
telemetry, logging, tracing, and management of structured,
semi-structured, and unstructured data across the entire
environment to provide unified and comprehensive observability into
infrastructure and application activity. Lead vulnerability
management, patching, and configuration assurance programs to
reduce exposure and maintain a consistent security posture. Partner
with infrastructure, IT, and application teams to strengthen
identity, access, and network security through Okta, Google
Workspace, and FreeIPA. Implement and maintain zero-trust network
architectures, SASE controls, CASB solutions, and conditional
access policies that protect both users and data across
environments to ensure full access and full control of our data and
IP regardless of location or device. Operate and enhance security
operations tooling, including SIEM, SOAR, and EDR/XDR platforms, to
ensure comprehensive monitoring and rapid detection of threats.
Develop and tune detection logic, automation, and playbooks for
identifying and responding to threats such as insider activity,
lateral movement, and anomalous behavior. Investigate and respond
to security incidents, performing root-cause analysis, containment,
and remediation while coordinating with engineering and IT. Build
automation, scripts, AI agents, and integrations that streamline
monitoring, alerting, and remediation workflows to improve
efficiency and reliability. Establish metrics, dashboards, and
feedback mechanisms to measure detection coverage, response time,
and overall security health. Promote a culture of security
awareness and ownership across engineering teams, ensuring that
protection and productivity advance together. Representative
Projects Implementing a centralized security telemetry pipeline
that aggregates logs and signals from networks, compute clusters,
storage, endpoints devices, build systems, and cloud services into
a unified SIEM for improved detection coverage. Designing and
developing Security Orchestration, Automation, and Response (SOAR)
workflows to automate repetitive tasks like alert triage, data
gathering, and initial containment, which improves SOC efficiency.
Help build a secure and flexible end user access framework that
uses SDWAN, SASE, CASB, conditional access, EDR and XDR, and
MDM/MAM to support productive, friction-free and secure work from
any location using different devices. Network Security Monitoring:
Configuring and monitoring network intrusion detection/prevention
systems (IDS/IPS) and firewalls to detect anomalies in network
traffic, especially on the SDWAN and client VPN links Creating and
refining detailed, documented incident response plans and playbooks
tailored to specific scenarios, such as a breach in a lab
environment or a compromised silicon testing machine. Conducting
regular vulnerability assessments and penetration testing on
internal systems and applications, then coordinating with relevant
teams to manage and remediate identified weaknesses. You May Be a
Good Fit If You Have 5-7 years of experience in security
engineering, SOC operations, detection engineering, incident
response, or a similar role that blends hands-on technical work
with analytical problem solving. Strong software engineering skills
with Python, Go, Bash, (C and Rust a major plus), including the
ability to design, implement, and maintain high-quality code,
automation frameworks, services, and integrations that improve
security, observability, and operational efficiency. Proficiency
with SIEM and SOAR platforms, including experience building
detections, dashboards, and automated workflows. Deep understanding
of EDR and XDR platforms, endpoint security hardening, and
telemetry collection across macOS, Linux, Windows, and server
environments. Experience implementing or supporting zero trust
architectures, including conditional access, SASE, CASB, and
identity-driven access control models. Familiarity with IAM and SSO
systems such as Okta, Google Workspace, and FreeIPA and the ability
to design secure identity, access, and authentication policies.
Strong networking knowledge, including SDWAN, VPN, IDS and IPS,
firewall administration, segmentation strategy, and monitoring of
network traffic for anomalies. Hands-on experience managing or
building security telemetry pipelines, log ingestion frameworks, or
observability systems that support both structured and unstructured
data. Solid understanding of threat modeling, the MITRE ATT and CK
framework, attacker tradecraft, and common detection and response
patterns. Experience performing vulnerability assessments,
penetration testing, or secure configuration reviews and
collaborating with teams to remediate identified risks. Exposure to
cloud and hybrid environments such as AWS, GCP, or on-prem clusters
and the ability to evaluate risks and implement protective controls
across these environments. Benefits Full medical, dental, and
vision packages, with generous premium coverage Housing subsidy of
$2,000/month for those living within walking distance of the office
Daily lunch and dinner in our office Relocation support for those
moving to San Jose (Santana Row) How we’re different Etched
believes in the Bitter Lesson . We think most of the progress in
the AI field has come from using more FLOPs to train and run
models, and the best way to get more FLOPs is to build
model-specific hardware. Larger and larger training runs encourage
companies to consolidate around fewer model architectures, which
creates a market for single-model ASICs. We are a fully in-person
team in San Jose (Santana Row), and greatly value engineering
skills. We do not have boundaries between engineering and research,
and we expect all of our technical staff to contribute to both as
needed.
Keywords: Etched, Danville , Security Engineer, IT / Software / Systems , San Jose, California
