alembic
alembic6h ago
New
$210K – $240K/yr

Lead Security Engineer

San Francisco Hqfull-timelead
EngineeringSecurity Engineer
1 views0 saves0 applied

Quick Summary

Key Responsibilities

EDR, kernel telemetry, hardening, and baseline implementation across the fleet. Own identity and access — AuthN/AuthZ, RBAC, and service identity — grounded in OIDC, SAML, and mTLS.

Technical Tools
EngineeringSecurity Engineer

Alembic is the pioneering Causal AI platform. We help the world's largest enterprises move past correlation to prove what actually drives business outcomes — the question marketing and growth teams have never been able to answer with confidence. Fortune 100 companies including Nvidia, Delta Air Lines, and Mars use Alembic to make multimillion-dollar decisions on trusted, causal evidence.

We're backed by a $145M Series B from WndrCo (founded by Jeffrey Katzenberg), Jensen Huang, Joe Montana, Prysm Capital, and Accenture. Our models run on our own NVIDIA DGX SuperPOD built on Grace Blackwell infrastructure — one of the fastest private supercomputers in the world. (We've melted GPUs getting here.)

About the Role

~1 min read

We're looking for a lead-level Security Engineer and Architect to own system, network, and host security end-to-end for a rapidly growing on-prem, Kubernetes-based AI factory. This is a hands-on, high-impact role reporting directly to our CTO/CISO and working side-by-side with Technical Operations, Corp IT, Platform Engineering, and our scientific teams. It's not a compliance seat that exists to satisfy published controls — it's the chance to shape our security posture from the ground up, secure high-value client data, and build the team and tooling to do it.

Two things make this role distinctive. First, Alembic is "Default to Open" by design: security here must respect that maximum information sharing is basic to how we operate, while still protecting customer data and the IP — patents and trade secrets — our applied-science work generates. Balancing those is the core intellectual challenge of the job. Second, we're an AI-first company that uses many kinds of AI across everything we do; deciding which AIs operate in which containers is one of the more interesting problems you'll own.

Responsibilities

~1 min read
  • Design and implement security controls across all environments — network segmentation and firewalling, IDS/IPS, and traffic analysis on our on-prem Kubernetes platform.

  • Build and enforce host security: EDR, kernel telemetry, hardening, and baseline implementation across the fleet.

  • Own identity and access — AuthN/AuthZ, RBAC, and service identity — grounded in OIDC, SAML, and mTLS.

  • Stand up incident-detection pipelines (SIEM, metrics, endpoint telemetry) tuned to surface high-signal threats over noise, and lead incident response end to end: triage, containment, recovery, root-cause analysis, and forensics.

  • Keep the focus on enablement over restriction — effective security, not compliance for its own sake — while balancing IP protection, customer-data protection, and broad internal information sharing.

  • Partner with Legal and the CISO to obtain the compliance certifications we need and to answer customer questions about the security of our systems; hire and mentor as the security function grows.

  • 8+ years in security engineering, infrastructure, or related roles.

  • Strong Linux system security and networking (SSH certificates, directory-based authentication) and strong Kubernetes security (RBAC, tenant isolation, admission control).

  • Real experience securing on-prem environments, not only public cloud.

  • A proven track record leading real-world incidents, with familiarity with attacker techniques (lateral movement, persistence, exfiltration) and hands-on depth in EDR, IDS/IPS, and SIEM.

  • Strong command of OIDC, SAML, mTLS, and cryptography-based storage security.

  • Comfort writing code, automation, and tooling in Python or similar, plus configuration management via IaC (Terraform, Ansible).

  • The judgment to distinguish high-signal threats from noise, make pragmatic tradeoffs in a fast-moving company, and communicate effectively with technical stakeholders.

Nice to have: high-performance or distributed-compute experience (HPC, GPU clusters); identity-aware proxies or zero-trust architectures; offensive security (red teaming, exploit development); secure application development and secure-code training; responsible-disclosure/bug-bounty programs; AI controls, MCP security, agent security, and AI governance; and a background in corporate IT security.

  • You want to shape a security posture from first principles rather than administer someone else's control framework — and you see "Default to Open" as a design constraint worth solving, not a threat to route around.

  • You'd rather be in the terminal doing root-cause analysis and building detection pipelines than managing them from a slide deck, and you want to build the team around you as scope grows.

  • You want a compliance-first role focused on satisfying published controls — this job is about effective security and enablement, and treats certifications as a byproduct, not the point.

  • You need a fully built-out program, tooling, and process to step into, rather than the mandate to define them.

  • You're uncomfortable with "Default to Open" — if your instinct is to lock everything down by default, the constant balance of IP protection, customer-data protection, and broad internal sharing will feel like friction rather than the interesting part.

  • You prefer static over dynamic — priorities and scope shift as we grow. We have real paying customers and a playbook, and we still move at startup speed at Series B scale.

Location & Eligibility

Where is the job
San Francisco Hq
On-site at the office
Who can apply
Same as job location

Listing Details

Posted
July 1, 2026
First seen
July 1, 2026
Last seen
July 1, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
63%
Scored at
July 1, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

alembicLead Security Engineer$210K – $240K