Lead Security Engineer

About Periodic Labs

We are an AI + physical sciences lab building state of the art models to make novel scientific discoveries. We are well funded and growing rapidly. Team members are owners who identity and solve problems without boundaries or bureaucracy. We eagerly learn new tools and new science to push forward our mission.

About the Role

You will lead, design, build, and operate security engineering at Periodic Labs. You will secure the systems that power our research and operations, including cloud environments, clusters, internal developer platforms, identity systems, secrets, SaaS access patterns, and lab-adjacent infrastructure. You will work closely with research, infra, lab, and operations teams to reduce risk without slowing down experimentation.

This is a hands-on engineering role. You will write automation, ship controls, lead incident response, and raise the bar for how we design secure systems. You will set pragmatic standards and build tooling that makes the secure path the easy path for the rest of the company.

What You'll Do

• Own security architecture across cloud, Kubernetes, internal services, and research infrastructure

• Design and operate identity and access systems for both people and workloads, including SSO, MFA, RBAC, SCIM lifecycle automation, workload identity, and least-privilege access patterns

• Build and improve secrets management across the company, including KMS, GitHub and CI credentials, 1Password or equivalent systems, and secure service-to-service authentication

• Harden software delivery and developer workflows, including CI/CD, dependency security, build provenance, artifact integrity, and secure GitHub administration

• Lead threat modeling, secure design reviews, and risk assessments for internal platforms, lab systems, and any externally exposed products

• Build detection and response capabilities across cloud, identity, network, and endpoint telemetry, and drive incidents through containment, root cause analysis, and remediation

• Own vulnerability management and remediation automation across hosts, containers, dependencies, SaaS, and infrastructure-as-code

• Partner with infra and lab engineering on segmentation, remote access, firewall policy, certificates, DNS, and secure device-to-cloud patterns

• Set pragmatic security standards, run tabletop exercises, and help the rest of the company make sound security decisions without adding unnecessary process

You Might Thrive in This Role If You Have Experience With

• Building and operating security controls in AWS, GCP, or Azure and in Kubernetes-based environments

• Strong hands-on engineering with a scripting language (e.g. Python, Bash), and Terraform

• Identity systems such as Okta or Entra, SAML, OIDC, SCIM, IAM, workload identity, and least-privilege design

• Secrets management and secure credential flows, including KMS, CI/CD secrets, GitHub OIDC, or service-to-service authentication

• Secure SDLC and supply chain controls, including code review, threat modeling, dependency management, signed builds or attestations, and CI hardening

• Detection and response, vulnerability management, and incident handling in fast-moving engineering environments

• Linux and network security fundamentals, including segmentation, certificates, DNS, firewalls, VPNs or Tailscale, and service-to-service auth

• Working with researchers or platform teams where the goal is to find the the optimal point in security/velocity tradeoff.

• Clear communication, strong judgment, and the ability to drive cross-functional security work

Especially Strong Candidates May Also Have

• Experience securing AI, ML, or research infrastructure

• Experience securing mixed on-prem and cloud environments, including lab-adjacent systems or physical device integration

• Experience with runtime security, eBPF, admission control, or policy-as-code

• Experience translating customer or enterprise security requirements into practical engineering controls