Manager of Product Security

ReflectionSan Francisco, CA
Onsite

About The Position

The Head of Product Security is responsible for building, scaling, and operating Reflection’s security program across the full breadth of the enterprise — from physical and data center infrastructure to cloud and neocloud environments, vendor ecosystems, and strategic growth activities. This leader serves as a senior partner to the CISO, translating the company’s long-term security strategy into an operating model that can withstand hypergrowth and the unique demands of a frontier AI company. Sitting at the intersection of infrastructure security, enterprise operations, and strategic risk, this role is uniquely positioned to shape how Reflection understands and manages its security posture as it scales. The ideal candidate is both a strategic architect and a hands-on operator — equally capable of defining security standards for neocloud environments and standing up physical controls for a new data center deployment. They bring deep technical fluency across cloud, infrastructure, and AI compute environments, and the executive presence to represent Reflection’s security posture to customers, regulators, investors, and government stakeholders. This is a high-visibility, high-impact role with broad organizational reach. Success requires the ability to build security programs from scratch, scale them through periods of rapid change, and maintain operational excellence across a complex, globally distributed technology footprint.

Requirements

  • 12+ years of experience across cybersecurity, infrastructure security, enterprise technology, or related fields.
  • Proven track record of building security programs from the ground up within startups, AI companies, cloud providers, hyperscalers, or hypergrowth technology organizations.
  • Demonstrated success scaling teams and organizations from 0→1 and 1→N.
  • Experience securing AI infrastructure and running security operations for GPU compute environments.
  • Experience working within or alongside neocloud providers, hyperscalers, colocation operators, or large-scale physical cloud infrastructure organizations.
  • Experience leading vendor risk programs, procurement security reviews, and legal contract negotiations.
  • Familiarity supporting SOC 2, ISO 27001, FedRAMP, ISO 22377, ISO 22301, NIST CSF, customer audits, and enterprise security reviews.
  • Technical depth across cloud and infrastructure security, Kubernetes and container security, Zero Trust architectures, identity and access management, detection and response technologies, and security automation and orchestration.
  • Ability to design and communicate security standards, architecture decisions, and risk trade-offs to both technical and non-technical audiences.
  • Strong operational judgment — capable of defining security policy and implementing controls directly when organizational needs require it.
  • Proven ability to manage complex vendor relationships, negotiate security-oriented contractual terms, and hold third parties accountable to defined standards.
  • Track record of building and maturing physical and data center security programs at scale.
  • A security practitioner who operates with both technical rigor and pragmatic judgment — focused on building programs that are operationally effective, not just technically sound.
  • Equally comfortable in the boardroom and the server room — capable of representing Reflection’s security posture to executive stakeholders and regulators while remaining deeply fluent in the technical details.
  • Highly collaborative and organizationally astute, with the ability to build trusted relationships across engineering, legal, risk, and business functions.
  • Motivated by building — energized by creating security infrastructure from scratch in a fast-moving environment where the stakes are high and the work is genuinely novel.
  • Committed to the mission — understands the unique security responsibilities of a frontier AI company and approaches the work with the seriousness it demands.

Responsibilities

  • Help define and execute the company’s long-term security strategy and security operating model.
  • Support the CISO and CSO in representing security leadership with customers, auditors, investors, regulators, government officials, and executive stakeholders.
  • Recruit, develop, and mentor world-class security and technology professionals.
  • Balance strategic leadership with hands-on execution as organizational needs evolve.
  • Own security strategy for data centers, colocation facilities, and infrastructure operations globally.
  • Partner with infrastructure and site operations teams to embed security throughout the data center lifecycle, including site selection, design, commissioning, and operations.
  • Define standards for physical access controls, surveillance systems, asset protection, hardware handling, and operational resilience.
  • Own the security strategy, configuration requirements, and governance for neocloud infrastructure that each facility must follow to host Reflection workloads.
  • Develop and enforce security design standards for third-party neocloud environments to integrate with Reflection’s corporate and engineering workflows, including incident response and vulnerability management.
  • Lead technical assessments of neocloud first- and third-party deployments for ongoing assurance — validating security posture, identifying gaps, and driving remediation to meet Reflection’s security guarantees and customer contractual obligations.
  • Own security contractual negotiations with neocloud providers to ensure all Reflection security requirements are contractually defined, enforceable, and aligned with the company’s product offerings and regulatory expectations.
  • Partner with the CISO to lead security and technology due diligence for acquisitions, investments, and strategic partnerships.
  • Partner with Reflection’s Risk Leader to identify security, infrastructure, compliance, privacy, and operational risks associated with target organizations.
  • Drive post-acquisition security integration and modernization initiatives across enterprise security and corporate technology.
  • Develop and own security strategy, review processes, and approval workflows for software, SaaS, cloud services, hardware suppliers, and strategic technology purchases.
  • Build and operate vendor security assessment and third-party risk management programs.
  • Partner with Legal and Finance on contract negotiations, security requirements, privacy obligations, and risk transfer mechanisms on both buy and sell sides.

Benefits

  • Top-tier compensation: Salary and equity structured to recognize and retain our talent globally.
  • Stock options: Everyone who joins and contributes to Reflection's success gets to share in the upside through stock options.
  • Comprehensive medical, dental, vision, and life, with an annual wellness allowance.
  • Lunch and dinner are provided in the office daily.
  • 22 weeks paid parental leave for all new birthing and non-birthing parents, including adoptive and surrogate journeys.
  • Unlimited paid time off in the U.S. and 30 days in the U.K.
  • We sponsor visas to help exceptional talent join our team and support long-term immigration pathways where applicable.
  • Regular off-sites, happy hours, and team celebrations.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service