Companies Alembic Lead Security Engineer

About the role

Alembic · Onsite

About Us

Alembic is the pioneering Causal AI platform. We help the world's largest enterprises move past correlation to prove what actually drives business outcomes — the question marketing and growth teams have never been able to answer with confidence. Fortune 100 companies including Nvidia, Delta Air Lines, and Mars use Alembic to make multimillion-dollar decisions on trusted, causal evidence.

We're backed by a $145M Series B from WndrCo (founded by Jeffrey Katzenberg), Jensen Huang, Joe Montana, Prysm Capital, and Accenture. Our models run on our own NVIDIA DGX SuperPOD built on Grace Blackwell infrastructure — one of the fastest private supercomputers in the world. (We've melted GPUs getting here.)

About the Role

We're looking for a lead-level Security Engineer and Architect to own system, network, and host security end-to-end for a rapidly growing on-prem, Kubernetes-based AI factory. This is a hands-on, high-impact role reporting directly to our CTO/CISO and working side-by-side with Technical Operations, Corp IT, Platform Engineering, and our scientific teams. It's not a compliance seat that exists to satisfy published controls — it's the chance to shape our security posture from the ground up, secure high-value client data, and build the team and tooling to do it.

Two things make this role distinctive. First, Alembic is "Default to Open" by design: security here must respect that maximum information sharing is basic to how we operate, while still protecting customer data and the IP — patents and trade secrets — our applied-science work generates. Balancing those is the core intellectual challenge of the job. Second, we're an AI-first company that uses many kinds of AI across everything we do; deciding which AIs operate in which containers is one of the more interesting problems you'll own.

What You'll Do

  • Design and implement security controls across all environments — network segmentation and firewalling, IDS/IPS, and traffic analysis on our on-prem Kubernetes platform.

  • Build and enforce host security: EDR, kernel telemetry, hardening, and baseline implementation across the fleet.

  • Own identity and access — AuthN/AuthZ, RBAC, and service identity — grounded in OIDC, SAML, and mTLS.

  • Stand up incident-detection pipelines (SIEM, metrics, endpoint telemetry) tuned to surface high-signal threats over noise, and lead incident response end to end: triage, containment, recovery, root-cause analysis, and forensics.

  • Keep the focus on enablement over restriction — effective security, not compliance for its own sake — while balancing IP protection, customer-data protection, and broad internal information sharing.

  • Partner with Legal and the CISO to obtain the compliance certifications we need and to answer customer questions about the security of our systems; hire and mentor as the security function grows.

What Will Help You Succeed

  • 8+ years in security engineering, infrastructure, or related roles.

  • Strong Linux system security and networking (SSH certificates, directory-based authentication) and strong Kubernetes security (RBAC, tenant isolation, admission control).

  • Real experience securing on-prem environments, not only public cloud.

  • A proven track record leading real-world incidents, with familiarity with attacker techniques (lateral movement, persistence, exfiltration) and hands-on depth in EDR, IDS/IPS, and SIEM.

  • Strong command of OIDC, SAML, mTLS, and cryptography-based storage security.

  • Comfort writing code, automation, and tooling in Python or similar, plus configuration management via IaC (Terraform, Ansible).

  • The judgment to distinguish high-signal threats from noise, make pragmatic tradeoffs in a fast-moving company, and communicate effectively with technical stakeholders.

Nice to have: high-performance or distributed-compute experience (HPC, GPU clusters); identity-aware proxies or zero-trust architectures; offensive security (red teaming, exploit development); secure application development and secure-code training; responsible-disclosure/bug-bounty programs; AI controls, MCP security, agent security, and AI governance; and a background in corporate IT security.

The role is right for you if:

  • You want to shape a security posture from first principles rather than administer someone else's control framework — and you see "Default to Open" as a design constraint worth solving, not a threat to route around.

  • You'd rather be in the terminal doing root-cause analysis and building detection pipelines than managing them from a slide deck, and you want to build the team around you as scope grows.

Why You Might Be Excited About Alembic

  • Hard problems with real impact: You'll secure a one-of-a-kind on-prem AI factory and protect the high-value data behind multimillion-dollar decisions at Fortune 100 companies.

  • Technical autonomy: Direct access to the CTO/CISO and decision-makers, ownership over the security architecture, and the freedom to solve problems your way.

  • Cutting-edge environment: Secure our own NVIDIA DGX SuperPOD on Grace Blackwell — one of the fastest private supercomputers in the world — and take on genuinely novel work in AI, agent, and MCP security.

  • Elite team: Join top engineers and scientists who thrive on hard problems, and build the security team from a front-row seat in the culture.

  • Series B momentum, real ownership: Meaningful equity at a Series B company that's raised $145M, with proven product-market fit and Fortune 100 traction.

Why You Might Not Be Excited

  • You want a compliance-first role focused on satisfying published controls — this job is about effective security and enablement, and treats certifications as a byproduct, not the point.

  • You need a fully built-out program, tooling, and process to step into, rather than the mandate to define them.

  • You're uncomfortable with "Default to Open" — if your instinct is to lock everything down by default, the constant balance of IP protection, customer-data protection, and broad internal sharing will feel like friction rather than the interesting part.

  • You prefer static over dynamic — priorities and scope shift as we grow. We have real paying customers and a playbook, and we still move at startup speed at Series B scale.

Ready to apply to Alembic?
Apply to Alembic

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get the worldwide-remote edge.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free