← Back to jobs

Network Security Engineer

etched

OnSite San Jose
Uncategorized

Job Score

70 pts
On-site model (+70)

About Etched

Etched is building hardware for frontier intelligence. We co-design chips, racks, software, and manufacturing to deliver best-in-class throughput and latency across both prefill and decode workloads. Our first products are heavily focused on inference. Backed by hundreds of millions from top-tier investors and staffed by leading engineers, Etched is redefining the infrastructure layer for the fastest growing industry in history.

Job Summary

Etched's infrastructure spans some of the most sensitive compute environments in the industry: bare-metal HPC clusters running proprietary ASIC workloads, hybrid on-prem/cloud deployments, and internal toolchains that house irreplaceable chip design IP. As we scale from early silicon to production, securing these environments is foundational — not an afterthought.

As our first dedicated Network Security Engineer, you will own the design and implementation of Etched's network security posture end to end. You'll work alongside the infrastructure team to harden our physical and virtual networks, enforce least-privilege access to chip design environments, and build the detection and response capabilities that keep our most sensitive assets safe.

This is a high-ownership role for someone who wants to shape security architecture at a company building the compute infrastructure for the next decade of AI — not maintain someone else's stack.

Key Responsibilities

  • Design and implement a zero-trust network architecture across on-prem datacenters, multiple office locations, and multi-cloud platforms, including secure remote access that eliminates VPN sprawl without sacrificing engineer usability and speed

  • Define and enforce network segmentation policies that isolate sensitive ASIC development workflows from general infrastructure, customer access, validation labs, and manufacturing infrastructure

  • Balancing prevention and detection, deploy, tune, and operate NDR, IDS/IPS, and next-generation firewalls across our physical and virtual network fabric; build automation to continuously assess and enforce firewall rules, ACLs, and routing policies - treating network security configuration as code

  • Integrate and operate EDR/XDR, MDM/MAM, SASE, and CASB tooling in partnership with end-user and IT teams, enforcing unified DLP policies and device compliance posture across endpoint, cloud, and network control planes to eliminate data exfiltration risk

  • Own our vulnerability management process for network-layer exposure: scanning, prioritization, and remediation tracking in partnership with infrastructure engineers

  • Lead incident response for network-layer security events: detection, containment, root-cause analysis, and post-incident hardening

  • Partner with legal, compliance, and leadership to support regulatory requirements and customer security reviews as they arise

  • Architect and deploy network segmentation for our HPC clusters, isolating EDA tool traffic, ASIC simulation workloads, and CI pipelines from each other and from the corporate network

  • Architect and deploy a ZTNA-based corporate network that eliminates VPN sprawl and ensures end-user devices maintain a consistent security posture and seamless access to sensitive development environments - whether engineers are on-site, remote, or traveling - replacing location-dependent trust with continuous identity and device health verification

  • Design and implement a scalable NDR pipeline that ingests flow data across bare-metal switches and cloud VPCs, feeds a centralized SIEM, and generates actionable alerts with low false-positive rates

  • Develop runbooks and automated playbooks for the highest-probability incident scenarios - credential compromise, lateral movement, and exfiltration from IP-sensitive environments

  • Integrate EDR/XDR telemetry with SASE enforcement and CASB inline controls to build a unified DLP detection and response pipeline spanning endpoints, cloud SaaS, and the corporate network

  • Partner with end-user and IT teams to roll out MDM/MAM policies that containerize sensitive IP on engineer devices and enforce compliance-based conditional access across managed and unmanaged environments

You may be a good fit if you have (Must-have qualifications)

  • Bring deep, broad networking expertise - from low-level packet analysis and firewall log forensics to BGP configuration, multi-cloud networking, and CASB/SASE integration across a diverse SaaS landscape

  • Have hands-on experience with the Fortinet ecosystem - firewalls, FortiSASE, FortiAPs, and switches - and are comfortable with Arista switch platforms, including configuration, EOS automation, and integration into a broader security architecture

  • Treat security as an engineering discipline: you write code and automation rather than relying on point-and-click tooling, version-control your configurations, and develop intent-driven network automation

  • Have experience securing high-value compute environments - datacenters, HPC clusters, semiconductor design environments, or similar settings where the cost of a breach is extremely high

  • Have deployed and integrated EDR/XDR, MDM/MAM, SASE, and CASB tooling, and understand how to stitch them together into a unified DLP and access control framework that spans endpoints, cloud, and the network

  • Have built or operated ZTNA-based access models and understand how to enforce consistent security posture across on-site, remote, and traveling users without degrading the experience for engineers

  • Are comfortable owning your domain with minimal oversight: you can independently scope a project, identify the right tooling, and drive it to completion

  • Have strong Linux fundamentals and understand how OS-level networking (iptables/nftables, network namespaces, eBPF) interacts with physical and virtual network security controls

  • Have built or operated network security monitoring at scale - you know the difference between a good alert and noise, and you can architect a detection pipeline that surfaces real signal

  • Can communicate risk clearly to both technical peers and non-technical leadership, and can translate security requirements into actionable infrastructure changes

Strong candidates may also have experience with (Nice-to-have qualifications)

  • Experience with EDA environments or semiconductor IP security

  • Familiarity with cloud-native network security controls on AWS, GCP, or Azure (security groups, VPC flow logs, cloud firewalls, CSPM)

  • Background in or exposure to NIST, SOC 2, or ISO 27001 frameworks

  • Experience with eBPF-based network observability and security tooling

Benefits

  • Medical, dental, and vision packages with generous premium coverage

    • $500 per month credit for waiving medical benefits

  • Housing subsidy of $2k per month for those living within walking distance of the office

  • Relocation support for those moving to San Jose (Santana Row)

  • Various wellness benefits covering fitness, mental health, and more

  • Daily lunch and dinner in our office

  • Unlimited compute budget subject to ROI justification

How we're different

Etched believes in the Bitter Lesson. We are the first inference-focused frontier AI system, betting early on transformer and transformer-like architectures and on increasing model sizes. Our addressable market is the entirety of inference, unlike many of our competitors.


We are a fully in-person team in San Jose (Santana Row), and greatly value engineering skills. We do not have boundaries between engineering and research, and we expect all of our technical staff to contribute to both and work across disciplines as needed.

Guias de Carreira

Guia de Carreira em Tecnologia

Planejamento, habilidades, entrevistas e crescimento profissional em TI, Ciência de Dados, DevOps e Produto.

Ler guia completo →

Guia de Carreira em Design

UX/UI, Design Gráfico, Design de Produto. Portfólio, ferramentas, entrevistas e crescimento na área de Design.

Ler guia completo →

Guia de Carreira em Marketing

SEO, Mídia Paga, Growth, Marketing de Conteúdo. Certificações, ferramentas e estratégias para crescer no Marketing Digital.

Ler guia completo →

Guia de Carreira em Finanças

Mercado financeiro, investimentos, finanças corporativas, certificações e estratégias para crescer na área financeira.

Ler guia completo →

Guia de Carreira em Comunicacao

Jornalismo, RP, Comunicacao Corporativa, Marketing de Conteudo e Producao Multimidia.

Ler guia completo →

Guia de Carreira em Administracao

Gestao de Empresas, RH, Logistica, Consultoria, Gestao de Projetos e Empreendedorismo.

Ler guia completo →

Guia de Carreira em Dados

Ciencia de Dados, Engenharia de Dados, BI, Machine Learning e IA. Da formacao ao mercado.

Ler guia completo →

Guia de Carreira em Produto

Product Management, Product Ownership, Agile, Scrum e OKRs. Da estrategia a execucao.

Ler guia completo →

Dica do Especialista

O Novo Jogo do Marketing Digital em 2026

O mercado de marketing digital em 2026 consolidou uma ruptura definitiva: o conteúdo que apenas informa tornou-se commodity. Se anos atrás a briga era por "produzir em volume para ser visto", o avanço exponencial da Inteligência Artificial Generativa e das regras de privacidade mudou o foco. O marketing digital hoje exige uma abordagem preditiva, altamente técnica e, paradoxalmente, muito mais humana.

Neste cenário maduro, não basta dominar ferramentas de anúncios ou publicar nas redes sociais. A disputa agora acontece nos bastidores tecnológicos: na gestão de dados primários, na integração do marketing com vendas e na capacidade de criar uma marca com autoridade inquestionável.

1. O Fim do "Hacking" e a Ascensão do First-Party Data (Dados Proprietários)

Com regulamentações rígidas de privacidade globais e o fim do suporte a cookies de terceiros pelos principais navegadores, as estratégias baseadas em "perseguir" o usuário pela web perderam força. O novo ativo mais valioso de uma empresa chama-se First-Party Data (dados coletados diretamente do consumidor, com consentimento).

Empresas que passaram os últimos anos construindo bases sólidas de leads e clientes (Inbound Marketing) possuem uma vantagem absurda sobre concorrentes que dependem exclusivamente do tráfego pago (Outbound) e de algoritmos do Google ou da Meta.

Ação Prática: O "Muro de Conteúdo"

Em 2026, marcas estão investindo pesadamente em plataformas próprias, comunidades e conteúdos premium que exigem cadastro (e-mail, preferências de consumo) para acesso, fugindo da dependência das redes sociais de terceiros.

2. IA Integrada, mas "Fadiga do Fake" no Conteúdo

A Inteligência Artificial já é rotina para a esmagadora maioria dos profissionais de marketing. Ferramentas como LLMs (modelos de linguagem grandes) otimizam processos, geram copies básicos, estruturam automações complexas (CRM) e prevêem comportamentos do usuário. No entanto, o uso da IA para Geração de Conteúdo em Massa fracassou.

"O mercado já batizou o movimento de ‘fadiga do fake’: a rejeição crescente a conteúdo genérico, perfeitamente estruturado, mas sem substância, ponto de vista ou experiência real."

Para se destacar em 2026, as marcas precisam comprovar o E-E-A-T (Experiência, Expertise, Autoridade e Confiabilidade). Os motores de busca e de IA (como Perplexity e ChatGPT Search) priorizam respostas que trazem vivência humana e opiniões de especialistas de nicho, penalizando textos robóticos ou puramente informativos.

3. SEO Multimodal e Social SEO

As buscas deixaram de ser exclusivas do Google e do formato de texto. Hoje, o SEO é fragmentado em duas grandes frentes que não podem mais ser ignoradas:

  • Busca Generativa e Multimodal (GEO): Otimização não apenas para links, mas para que a IA resuma a sua marca como "A" resposta para o usuário. Isso envolve dados estruturados perfeitos e otimização para buscas por voz e imagem (Google Lens).
  • Social SEO: O TikTok, Instagram e YouTube se tornaram os buscadores primários para as novas gerações. Em 2026, criar conteúdo otimizado com palavras-chave dentro das próprias redes sociais é tão vital quanto ranquear em motores tradicionais.

4. O Profissional de 2026: Obsessão por Performance e Growth

Para quem busca atuar na área, o mercado esfriou para o "especialista em apertar botões" (o gestor de mídias sociais genérico). As grandes oportunidades estão concentradas na intersecção entre criatividade, vendas e dados. As carreiras mais valorizadas são:

  • Growth Marketers e Especialistas em CRO (Otimização de Conversão): Profissionais focados em encontrar gargalos no funil de vendas, melhorando a experiência do usuário em landing pages e retendo clientes.
  • Analistas de Dados / Power BI no Marketing: Quem consegue comprovar o Retorno sobre Investimento (ROI) de cada real gasto, integrando os dashboards de marketing diretamente às metas do time comercial.
  • Estrategistas de Automação e CRM: O foco mudou do simples "disparo de e-mail" para a automação inteligente preditiva, que personaliza a comunicação no tempo certo, com a mensagem exata.

Conclusão

Em 2026, o marketing digital de sucesso é aquele que automatiza e escala a operação tecnológica através da inteligência artificial e uso inteligente de dados, mas mantém a estratégia, a empatia e a conexão humana como diferenciais insubstituíveis. O marketing não é mais sobre ser visto em todo lugar; é sobre ser relevante no lugar exato.