Lead Security Engineer

Alembic, San Francisco, CA
$210,000 - $240,000, Onsite

About The Position

Alembic is seeking a lead-level Security Engineer and Architect to take end-to-end ownership of system, network, and host security for a rapidly growing on-prem, Kubernetes-based AI factory. This is a hands-on, high-impact role reporting directly to the CTO/CISO and collaborating closely with Technical Operations, Corp IT, Platform Engineering, and scientific teams. The position offers the opportunity to shape the company's security posture from the ground up, protect high-value client data, and build the security team and tooling. A distinctive aspect of this role is Alembic's "Default to Open" philosophy, requiring security measures that respect maximum information sharing while safeguarding customer data and intellectual property. Additionally, the role involves managing which AIs operate in which containers within an AI-first company.

Requirements

  • 8+ years in security engineering, infrastructure, or related roles.
  • Strong Linux system security and networking (SSH certificates, directory-based authentication).
  • Strong Kubernetes security (RBAC, tenant isolation, admission control).
  • Proven experience securing on-prem environments.
  • Track record of leading real-world incidents and familiarity with attacker techniques (lateral movement, persistence, exfiltration).
  • Hands-on depth in EDR, IDS/IPS, and SIEM.
  • Strong command of OIDC, SAML, mTLS, and cryptography-based storage security.
  • Proficiency in writing code, automation, and tooling in Python or similar.
  • Experience with configuration management via IaC (Terraform, Ansible).
  • Judgment to distinguish high-signal threats from noise, make pragmatic tradeoffs, and communicate effectively with technical stakeholders.

Nice To Haves

  • High-performance or distributed-compute experience (HPC, GPU clusters).
  • Identity-aware proxies or zero-trust architectures.
  • Offensive security (red teaming, exploit development).
  • Secure application development and secure-code training.
  • Responsible-disclosure/bug-bounty programs.
  • AI controls, MCP security, agent security, and AI governance.
  • Background in corporate IT security.

Responsibilities

  • Design and implement security controls across all environments, including network segmentation, firewalling, IDS/IPS, and traffic analysis on the on-prem Kubernetes platform.
  • Build and enforce host security, including EDR, kernel telemetry, hardening, and baseline implementation across the fleet.
  • Own identity and access management (AuthN/AuthZ, RBAC, service identity) using OIDC, SAML, and mTLS.
  • Establish incident-detection pipelines (SIEM, metrics, endpoint telemetry) to identify high-signal threats and lead incident response from triage to forensics.
  • Focus on enablement over restriction, ensuring effective security while balancing IP protection, customer data protection, and internal information sharing.
  • Partner with Legal and the CISO to achieve compliance certifications and address customer security inquiries.
  • Hire and mentor as the security function grows.