ABOUT FLUIDSTACK
At Fluidstack, we're building the infrastructure for abundant intelligence. We partner with top AI labs, governments, and enterprises - including Mistral, Poolside, Black Forest Labs, Meta, and more - to unlock compute at the speed of light.
We're working with urgency to make AGI a reality. As such, our team is highly motivated and committed to delivering world-class infrastructure. We treat our customers' outcomes as our own, taking pride in the systems we build and the trust we earn. If you're motivated by purpose, obsessed with excellence, and ready to work very hard to accelerate the future of intelligence, join us in building what's next.
ABOUT THE ROLE
Fluidstack operates the compute infrastructure that powers frontier AI, including some of the most demanding training and inference workloads on the planet. We are building a Security Operations function from the ground up, and we want to build it right: AI-native, highly automated, and designed for the scale and threat model of a company that sits at the intersection of critical infrastructure and frontier AI development.
The threat model here is not a narrow one. We operate corporate infrastructure and data center sites across multiple geographies, complex IT and OT/ICS environments, and cloud infrastructure, all serving customers whose work attracts sophisticated, persistent, and well-resourced adversaries. State-nexus actors, insider risk, supply chain compromise, physical intrusion, and infrastructure disruption are all real considerations. The SOC you build has to be credible against all of them, and the operating model has to hold up in a multi-stakeholder environment that includes upstream and downstream customers and partners with their own security requirements, audit rights, and contractual SLAs.
This is not a role for someone who wants to manage a room full of analysts watching dashboards. This is a role for someone who wants to architect an entirely different model, one where AI handles L1 at scale, agentic workflows close the loop on routine response, a real threat intelligence function drives detection, and human analysts spend their time on work that requires genuine expertise and judgment. You'll be a builder across three dimensions simultaneously: the technical architecture, the operating model, and the team. If you've been frustrated watching the industry default to "hire more people" when the answer is "build better systems," this is the role you've been waiting for.
FOCUS
- SOC Architecture & Build: design and build Fluidstack's security operations capability from scratch, including data architecture, detection logic, automation fabric, toolchain, and team model, using a modern stack
- AI-Native Detection & Triage: define and implement a detection philosophy that assumes AI handles L1; build the pipelines, enrichment logic, and triage automation that resolves high-volume, low-ambiguity alert classes without human intervention
- Agentic Response Workflows: design and deploy autonomous response workflows that contain, investigate, and remediate, not just notify; own and continuously push the boundary between machine-closed and human-required cases
- LLM-Assisted Investigation: integrate LLM-based tooling into the analyst workflow for case summarization, log interpretation, and hypothesis generation; define how AI augments analyst cognition as a genuine force multiplier
- Detection Engineering: own the detection content lifecycle end-to-end: MITRE ATT&CK coverage mapping, detection-as-code workflows, alert quality metrics, and continuous tuning across a heterogeneous environment
- Threat Intelligence: build and operationalize a threat intelligence program that produces finished intelligence relevant to Fluidstack's specific threat model and customer base, and connects directly to detection content and hunting hypotheses
- Threat Hunting: design and run a proactive hunting capability operating independently of the alert queue, covering cloud, OT/ICS, physical telemetry, and endpoint across a threat landscape that includes sophisticated, targeted actors
- Multi-Site Physical + OT/ICS Coverage: build detection coverage across data center sites, security-instrumented OT/ICS systems, physical access telemetry, and BMS environments that don't look like a standard enterprise
- Operating Model Design: define the coverage model, escalation logic, stakeholder interfaces, SLA architecture, and feedback loops that make the SOC function as a system, not just a team
- Team & Vendor Strategy: define the human layer of the SOC: size, structure, sourcing model, and skill profile; make the MSSP build-vs-buy call with data, not defaults
- Customer & Regulatory Obligations: ensure the SOC can reliably and demonstrably meet contractual incident notification SLAs and compliance obligations across Fluidstack's customer base
ABOUT YOU
- You bring technical depth across the core disciplines
- Proven experience designing or substantially rebuilding a SOC, not just running one someone else built
- Deep hands-on background in detection engineering, SIEM/data lake architecture, and SOAR automation
- Genuine experience with AI/ML applied to security operations, not familiarity with vendor marketing
- Hands-on threat intelligence program development, including finished intel production and operationalization
- Active threat hunting experience across heterogeneous environments
- Exposure to OT/ICS environments or physical security telemetry at scale
- Track record of reducing MTTD and MTTR through automation and architecture, not headcount
- You know how to design an operating model, not just run one
- Experience structuring coverage models, escalation logic, and stakeholder interfaces in environments where the org chart doesn't make things simple
- Comfort navigating a multi-stakeholder environment with competing priorities and external accountability: customers, auditors, regulators
- Experience operating under contractual security obligations with defined incident response SLAs
- Ability to build processes that scale with automation rather than headcount, and to make that case credibly
- You can lead a team and build a culture
- Experience hiring, developing, and retaining security operations talent across a range of specializations
- Ability to define team structure that matches the operating model, not the one that came before it
- Track record of building culture in a function that operates under pressure
- Strong differentiators
- Experience with LLM integration into security tooling, including prompt engineering and evaluating AI output reliability under adversarial conditions
- Data engineering fluency at the schema and query level
- Experience designing SOC coverage for hyperscale or critical infrastructure environments
- Threat intelligence program experience targeting sophisticated or nation-state-adjacent actors
- Comfort in a compliance-adjacent environment (SOC 2, ISO 27001, FedRAMP-adjacent) without being compliance-driven
SALARY & BENEFITS
- Competitive total compensation package (salary + equity).
- Retirement or pension plan, in line with local norms.
- Health, dental, and vision insurance.
- Generous PTO policy, in line with local norms.
The base salary range for this position is $250,000-$350,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.
We are committed to pay equity and transparency.
Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.
You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email, please email [Upgrade to PRO to see contact] with your resume/CV, the role you've applied for, and the date you submitted your application; someone from our recruiting team will be in touch.