IT Security & Infrastructure Engineer
Emeryville, California
Atomic Machines
Atomic Machines is ushering in a new era in micromanufacturing with its Matter Compiler (MC) technology. The MC enables new classes of micromachines to be designed and built by offering manufacturing processes and a materials library that are inaccessible to semiconductor manufacturing methods. The MC promises not only to unlock MEMS manufacturing for the many device classes that never could be made by semiconductor methods but also to open up entirely new classes. Furthermore, the MC is fully digital in the way 3D printing is digital, but where 3D printing produces parts of a single material using a single process, the MC is a multi-process, multi-material technology: bits and raw materials go in and complete, functional micromachines come out. The Atomic Machines team has also created an exciting first device – one that was only made possible by the existence of the Matter Compiler – that we will be unveiling to the world soon.
Our offices are in Emeryville and Santa Clara, California.
About the Role:
We are seeking an experienced Infrastructure Security Engineer to secure and support our enterprise infrastructure across physical sites, cloud platforms, and end-user environments. This is a hands-on, deeply technical role that blends network and endpoint security, IAM, vulnerability management, and operational IT support. You’ll be responsible for ensuring high trust across systems, while also being a go-to partner for senior leaders requiring onsite support.
This role reports directly to the Head of Security and requires regular onsite presence in Emeryville with periodic travel to Santa Clara.
What You'll Do:
- Security Architecture & Network Defense:
  - Design and enforce perimeter defense using Palo Alto NGFWs, NAT rules, VPN tunnels, and threat profiles
  - Segment and secure internal networks using Meraki switches, VLANs, and SSID policy controls
  - Harden AWS environments (VPC, IAM roles, GuardDuty, SCP, S3 controls) and implement secure connectivity
- Endpoint Security & MDM:
  - Lead the deployment and policy management of Workspace ONE MDM across laptops and mobile devices (+++)
  - Manage and support endpoint protection tools including CrowdStrike, DLP configurations, and USB controls
  - Enforce patching across devices with tools like Automox, and manage full asset lifecycle
- Identity & Access Management:
  - Administer and optimize Okta for SSO, MFA, group-based access, and SCIM provisioning
  - Define and maintain least privilege access policies across apps, cloud services, and infrastructure
- Threat & Vulnerability Management:
  - Own TVM tooling (e.g., Rapid7 InsightVM) and drive risk-based remediation workflows
  - Collaborate with IT, DevOps, and Engineering to track remediation SLAs and patch compliance
- IT Support & Help Desk Escalation:
  - Provide onsite support for senior management and teams across hardware, software, and connectivity issues
  - Perform basic diagnosis and resolution for Windows, Linux, and macOS systems
  - Coordinate with outsourced help desk services and act as Tier 2/3 escalation for time-sensitive issues
  - Maintain working knowledge of AV systems used for conferencing, board meetings, and team collaboration
- Enablement & Collaboration:
  - Deliver periodic security and onboarding training for users in partnership with the IT and People teams
  - Contribute to SOPs, runbooks, and IT-security integration plans for new labs, offices, and infrastructure
  - Partner with Facilities and Operations for secure device provisioning, inventory, and access enforcement
What You'll Need:
- A first-principles mindset — you question assumptions, reframe problems from the ground up, and approach challenges with a foundational understanding rather than relying solely on precedent.
- 5+ years of experience in infrastructure or IT security roles
- Deep experience in perimeter and endpoint security (Palo Alto, CrowdStrike, Meraki, etc.)
- Proven deployment and management experience with Workspace ONE or equivalent MDM (+++)
- Proficiency with Okta, AWS IAM policies, and secure network segmentation
- Experience with vulnerability scanners and patching tools (e.g., Rapid7, Automox)
- Comfortable supporting Mac, Linux, and Windows in an IT-secured environment
- Hands-on with hardware/software troubleshooting, especially for senior staff and R&D users
- Willingness to be onsite full time in Santa Clara with travel to Berkeley as needed
Bonus Points For:
- Certifications: PCNSA, AWS Security Specialty, Okta Certified Admin, CISSP, etc.
- Familiarity with SOC 2, ISO 27001, or NIST 800-53 controls
- Experience supporting OT or R&D environments, including AV and lab equipment
- Scripting or automation knowledge (e.g., Bash, Python, Ansible, Terraform)
- Strong documentation skills using Jira, Confluence, or similar tools