Security Infrastructure Engineer
PointOne
Other Engineering
New York, NY, USA
Posted on Apr 17, 2026
About PointOne
PointOne is reinventing how law firms operate. We build infrastructure for the legal industry, powering timekeeping and billing systems used by law firms and government agencies. We build and operate systems that process the most confidential data for institutions working on the most sensitive matters. Security for us is a strategic priority. We’re hiring a senior engineer to own the security, scalability, and cost efficiency of our AWS environment.
Our AI timekeeper helps attorneys capture billable time automatically and provides rich insights that transform how legal work is managed. We're a Tier 1 venture-backed startup (Y Combinator, Bessemer, 8VC, General Catalyst) made up of engineers (Google, Applied Intuition, Stanford) and ex-attorneys. Alongside a recent Series A round and rapid customer adoption, we're expanding our GTM team to keep up with overwhelming demand.
The Role
Let’s Start With What This Isn’t
This is a hands-on engineering role at the intersection of security, cloud architecture, and platform optimization.
You will harden our AWS infrastructure, reduce blast radius, eliminate unnecessary exposure, and ensure our systems scale efficiently and securely.
What You’ll Own
Infrastructure Security
Why This Role Matters
A security breach at PointOne would have consequences extending far beyond the survival of our company. This role exists to:
This is intense early-stage startup work. You will be expected to take ownership, bring structure to ambiguity, and build the connective tissue between our customers and our product.
The compensation for this position is determined by multiple factors, including prior experience and expertise. A competitive equity component will also be offered as part of the package. Benefits include comprehensive health, dental, and vision insurance, as well as meals in office, regular team events, and more!
PointOne is reinventing how law firms operate. We build infrastructure for the legal industry, powering timekeeping and billing systems used by law firms and government agencies. We build and operate systems that process the most confidential data for institutions working on the most sensitive matters. Security for us is a strategic priority. We’re hiring a senior engineer to own the security, scalability, and cost efficiency of our AWS environment.
Our AI timekeeper helps attorneys capture billable time automatically and provides rich insights that transform how legal work is managed. We're a Tier 1 venture-backed startup (Y Combinator, Bessemer, 8VC, General Catalyst) made up of engineers (Google, Applied Intuition, Stanford) and ex-attorneys. Alongside a recent Series A round and rapid customer adoption, we're expanding our GTM team to keep up with overwhelming demand.
The Role
Let’s Start With What This Isn’t
- Not a GRC or paperwork-heavy compliance role
- Not a vulnerability-scanning-only position
- Not a “turn on GuardDuty and call it done” role
This is a hands-on engineering role at the intersection of security, cloud architecture, and platform optimization.
You will harden our AWS infrastructure, reduce blast radius, eliminate unnecessary exposure, and ensure our systems scale efficiently and securely.
What You’ll Own
Infrastructure Security
- Design and enforce least-privilege IAM across services
- Implement permission boundaries and SCP strategy
- Reduce attack surface across networking and service exposure
- Improve secrets management and KMS key segmentation
- Lead threat modeling across core systems
- Design blast-radius containment strategies
- Strengthen logging, monitoring, and anomaly detection
- Ensure logs are immutable and auditable
- Build and test incident response playbooks
- Review new infrastructure designs for security risks
- Optimize AWS architecture for reliability and efficiency
- Improve Lambda/SQS concurrency and scaling patterns
- Evaluate and improve RDS scaling strategy
- Drive principled tradeoffs between isolation, performance, and cost
- 5+ years operating AWS infrastructure in production
- Deep IAM expertise (roles, policies, trust relationships, STS)
- Strong AWS networking knowledge (VPC, PrivateLink, Security Groups)
- Experience designing multi-account AWS environments
- Hands-on experience responding to real security incidents
- Strong understanding of cloud attack vectors and privilege escalation
- Experience reducing cloud cost without compromising security
- Comfortable working directly in CDK/Terraform and reviewing infrastructure code
Why This Role Matters
A security breach at PointOne would have consequences extending far beyond the survival of our company. This role exists to:
- Protect sensitive institutions
- Raise the engineering bar on secure system design
- Build infrastructure that enterprise and government customers can trust
This is intense early-stage startup work. You will be expected to take ownership, bring structure to ambiguity, and build the connective tissue between our customers and our product.
The compensation for this position is determined by multiple factors, including prior experience and expertise. A competitive equity component will also be offered as part of the package. Benefits include comprehensive health, dental, and vision insurance, as well as meals in office, regular team events, and more!