Lead Security Engineer

About The Position

Requirements

• Building and operating security controls in AWS, GCP, or Azure and in Kubernetes-based environments
• Strong hands-on engineering with a scripting language (e.g. Python, Bash), and Terraform
• Identity systems such as Okta or Entra, SAML, OIDC, SCIM, IAM, workload identity, and least-privilege design
• Secrets management and secure credential flows, including KMS, CI/CD secrets, GitHub OIDC, or service-to-service authentication
• Secure SDLC and supply chain controls, including code review, threat modeling, dependency management, signed builds or attestations, and CI hardening
• Detection and response, vulnerability management, and incident handling in fast-moving engineering environments
• Linux and network security fundamentals, including segmentation, certificates, DNS, firewalls, VPNs or Tailscale, and service-to-service auth
• Working with researchers or platform teams where the goal is to find the the optimal point in security/velocity tradeoff.
• Clear communication, strong judgment, and the ability to drive cross-functional security work

Nice To Haves

• Experience securing AI, ML, or research infrastructure
• Experience securing mixed on-prem and cloud environments, including lab-adjacent systems or physical device integration
• Experience with runtime security, eBPF, admission control, or policy-as-code
• Experience translating customer or enterprise security requirements into practical engineering controls

Responsibilities

• Own security architecture across cloud, Kubernetes, internal services, and research infrastructure
• Design and operate identity and access systems for both people and workloads, including SSO, MFA, RBAC, SCIM lifecycle automation, workload identity, and least-privilege access patterns
• Build and improve secrets management across the company, including KMS, GitHub and CI credentials, 1Password or equivalent systems, and secure service-to-service authentication
• Harden software delivery and developer workflows, including CI/CD, dependency security, build provenance, artifact integrity, and secure GitHub administration
• Lead threat modeling, secure design reviews, and risk assessments for internal platforms, lab systems, and any externally exposed products
• Build detection and response capabilities across cloud, identity, network, and endpoint telemetry, and drive incidents through containment, root cause analysis, and remediation
• Own vulnerability management and remediation automation across hosts, containers, dependencies, SaaS, and infrastructure-as-code
• Partner with infra and lab engineering on segmentation, remote access, firewall policy, certificates, DNS, and secure device-to-cloud patterns
• Set pragmatic security standards, run tabletop exercises, and help the rest of the company make sound security decisions without adding unnecessary process