Job Description

About Fluidstack

At Fluidstack we build the compute data centers and power that will fuel artificial superintelligence. We supply GWs of compute capabilities to the worlds biggest AI Labs at industry-defining speeds.

Our team is small fast and obsessed with quality. We own outcomes end-to-end challenge assumptions and treat our customers problems as our own. No task is beneath anyone here.

There are a few thousand people who will shape the trajectory of superintelligence. Come and be one of them.

About the Role

Fluidstack operates the compute infrastructure that powers frontier AI including some of the most demanding training and inference workloads on the planet. We are building a Security Operations function from the ground up and we want to build it right: AI-native highly automated and designed for the scale and threat model of a company that sits at the intersection of critical infrastructure and frontier AI development.

The threat model here is not a narrow one. We operate corporate infrastructure and data center sites across multiple geographies complex IT and OT/ICS environments and cloud infrastructure all serving customers whose work attracts sophisticated persistent and well-resourced adversaries. State-nexus actors insider risk supply chain compromise physical intrusion and infrastructure disruption are all real considerations. The SOC you build has to be credible against all of them and the operating model has to hold up in a multi-stakeholder environment that includes upstream and downstream customers and partners with their own security requirements audit rights and contractual SLAs.

This is not a role for someone who wants to manage a room full of analysts watching dashboards. This is a role for someone who wants to architect an entirely different model one where AI handles L1 at scale agentic workflows close the loop on routine response a real threat intelligence function that drives detection and where human analysts spend their time on work that requires genuine expertise and judgment. Youll be a builder across three dimensions simultaneously: the technical architecture the operating model and the team. If youve been frustrated watching the industry default to hire more people when the answer is build better systems this is the role youve been waiting for.

Focus

• SOC Architecture & Build: design and build FluidStacks security operations capability from scratch including data architecture detection logic automation fabric toolchain and team model using a modern stack

• AI-Native Detection & Triage: define and implement a detection philosophy that assumes AI handles L1; build the pipelines enrichment logic and triage automation that resolves high-volume low-ambiguity alert classes without human intervention

• Agentic Response Workflows: design and deploy autonomous response workflows that contain investigate and remediate: not just notify; own and continuously push the boundary between machine-closed and human-required cases

• LLM-Assisted Investigation: integrate LLM-based tooling into the analyst workflow for case summarization log interpretation and hypothesis generation; define how AI augments analyst cognition as a genuine force multiplier

• Detection Engineering: own the detection content lifecycle end-to-end: MITRE ATT&CK coverage mapping detection-as-code workflows alert quality metrics and continuous tuning across a heterogeneous environment

• Threat Intelligence: build and operationalize a threat intelligence program that produces finished intelligence relevant to FluidStacks specific threat model and customer base and connects directly to detection content and hunting hypotheses

• Threat Hunting: design and run a proactive hunting capability operating independently of the alert queue covering cloud OT/ICS physical telemetry and endpoint across a threat landscape that includes sophisticated targeted actors

• Multi-Site Physical OT/ICS Coverage: build detection coverage across data center sites security-instrumented OT/ICS systems physical access telemetry and BMS environments that dont look like a standard enterprise

• Operating Model Design: define the coverage model escalation logic stakeholder interfaces SLA architecture and feedback loops that make the SOC function as a system not just a team

• Team & Vendor Strategy: define the human layer of the SOC: size structure sourcing model and skill profile; make the MSSP build-vs-buy call with data not defaults

• Customer & Regulatory Obligations: ensure the SOC can reliably and demonstrably meet contractual incident notification SLAs and compliance obligations across FluidStacks customer base

About You

• You bring technical depth across the core disciplines

  • Proven experience designing or substantially rebuilding a SOC not just running one someone else built

  • Deep hands-on background in detection engineering SIEM/data lake architecture and SOAR automation

  • Genuine experience with AI/ML applied to security operations not familiarity with vendor marketing

  • Hands-on threat intelligence program development including finished intel production and operationalization

  • Active threat hunting experience across heterogeneous environments

  • Exposure to OT/ICS environments or physical security telemetry at scale

  • Track record of reducing MTTD and MTTR through automation and architecture not headcount

• You know how to design an operating model not just run one

  • Experience structuring coverage models escalation logic and stakeholder interfaces in environments where the org chart doesnt make things simple

  • Comfort navigating a multi-stakeholder environment with competing priorities and external accountability: customers auditors regulators

  • Experience operating under contractual security obligations with defined incident response SLAs

  • Ability to build processes that scale with automation rather than headcount and to make that case credibly

• You can lead a team and build a culture

  • Experience hiring developing and retaining security operations talent across a range of specializations

  • Ability to define team structure that matches the operating model: not the one that came before it

  • Track record of building culture in a function that operates under pressure

• Strong differentiators

  • Experience with LLM integration into security tooling including prompt engineering and evaluating AI output reliability under adversarial conditions

  • Data engineering fluency at the schema and query level

  • Experience designing SOC coverage for hyperscale or critical infrastructure environments

  • Threat intelligence program experience targeting sophisticated or nation-state-adjacent actors

  • Comfort in a compliance-adjacent environment (SOC 2 ISO 27001 FedRAMP-adjacent) without being compliance-driven

Salary & Benefits

• Competitive total compensation package (salary equity).

• Retirement or pension plan in line with local norms.

• Health dental and vision insurance.

• Generous PTO policy in line with local norms.

The base salary range for this position is $250000- $350000 per year depending on experience skills qualifications and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.

We are committed to pay equity and transparency.

Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex national origin sexual orientation gender identity disability and protected veterans status or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email please email with your resume/CV the role youve applied for and the date you submitted your application-- someone from our recruiting team will be in touch.

Required Experience:

Director

Job Tags

Similar Jobs