Director of Security Operations

FluidStack · Austin, TX · $250k - $350k
full-time lead Posted 1 week ago

About this role

ABOUT FLUIDSTACK

At Fluidstack, we build the compute, data centers, and power that will fuel artificial superintelligence. We work with Anthropic, Google, Meta, AMI Labs, and Black Forest Labs to deploy gigawatts of compute at industry-defining speeds. We are investing tens of billions of dollars in US infrastructure. In 2026, we will deploy 1GW. In 2027, 10GW.

Our team is small, fast, and obsessed with quality. We own outcomes end-to-end, challenge assumptions, and treat our customers' problems as our own. No task is beneath anyone here. There are a few thousand people who will shape the trajectory of superintelligence. Come and be one of them.

ABOUT THE ROLE

Fluidstack operates the compute infrastructure that powers frontier AI, including some of the most demanding training and inference workloads on the planet. We are building a Security Operations function from the ground up, and we want to build it right: AI-native, highly automated, and designed for the scale and threat model of a company that sits at the intersection of critical infrastructure and frontier AI development.

The threat model here is not a narrow one. We operate corporate infrastructure and data center sites across multiple geographies, complex IT and OT/ICS environments, and cloud infrastructure, all serving customers whose work attracts sophisticated, persistent, and well-resourced adversaries. State-nexus actors, insider risk, supply chain compromise, physical intrusion, and infrastructure disruption are all real considerations. The SOC you build has to be credible against all of them, and the operating model has to hold up in a multi-stakeholder environment that includes upstream and downstream customers and partners with their own security requirements, audit rights, and contractual SLAs.

This is not a role for someone who wants to manage a room full of analysts watching dashboards. This is a role for someone who wants to architect an entirely different model, one where AI handles L1 at scale, agentic workflows close the loop on routine response, a real threat intelligence function drives detection, and human analysts spend their time on work that requires genuine expertise and judgment. You'll be a builder across three dimensions simultaneously: the technical architecture, the operating model, and the team. If you've been frustrated watching the industry default to "hire more people" when the answer is "build better systems," this is the role you've been waiting for.

FOCUS

- SOC Architecture & Build: design and build FluidStack's security operations capability from scratch, including data architecture, detection logic, automation fabric, toolchain, and team model, using a modern stack
- AI-Native Detection & Triage: define and implement a detection philosophy that assumes AI handles L1; build the pipelines, enrichment logic, and triage automation that resolve high-volume, low-ambiguity alert classes without human intervention
- Agentic Response Workflows: design and deploy autonomous response workflows that contain, investigate, and remediate, not just notify; own and continuously push the boundary between machine-closed and human-required cases
- LLM-Assisted Investigation: integrate LLM-based tooling into the analyst workflow for case summarization, log interpretation, and hypothesis generation; define how AI augments analyst cognition as a genuine force multiplier
- Detection Engineering: own the detection content lifecycle end-to-end: MITRE ATT&CK coverage mapping, detection-as-code workflows, alert quality metrics, and continuous tuning across a heterogeneous environment
- Threat Intelligence: build and operationalize a threat intelligence program that produces finished intelligence relevant to FluidStack's specific threat model and customer base, and connects directly to detection content and hunting hypotheses
- Threat Hunting: design and run a proactive hunting capability operating independently of the alert queue, covering cloud, OT/ICS, physical telemetry, and endpoint across a threat landscape that includes sophisticated, targeted actors
- Multi-Site Physical + OT/ICS Coverage: build detection coverage across data center sites, security-instrumented OT/ICS systems, physical access telemetry, and BMS environments that don't look like a standard enterprise
- Operating Model Design: define the coverage model, escalation logic, stakeholder interfaces, SLA architecture, and feedback loops that make the SOC function as a system, not just a team
- Team & Vendor Strategy: define the human layer of the SOC: size, structure, sourcing model, and skill profile; make the MSSP build-vs-buy call with data, not defaults
- Customer & Regulatory Obligations: ensure the SOC can reliably and demonstrably meet contractual incident notification SLAs and compliance obligations across FluidStack's customer base

ABOUT YOU

- You bring technical depth across the core disciplines
- Proven experi
