Lead Security Engineer
ExternalPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
About the role
Alembic is the pioneering Causal AI platform. We help the world's largest enterprises move past correlation to prove what actually drives business outcomes - the question marketing and growth teams have never been able to answer with confidence. Fortune 100 companies including Nvidia, Delta Air Lines, and Mars use Alembic to make multimillion-dollar decisions on trusted, causal evidence. We're backed by a $145M Series B from WndrCo (founded by Jeffrey Katzenberg), Jensen Huang, Joe Montana, Prysm Capital, and Accenture. Our models run on our own NVIDIA DGX SuperPOD built on Grace Blackwell infrastructure - one of the fastest private supercomputers in the world. (We've melted GPUs getting here.) We're looking for a lead-level Security Engineer and Architect to own system, network, and host security end-to-end for a rapidly growing on-prem, Kubernetes-based AI factory. This is a hands-on, high-impact role reporting directly to our CTO/CISO and working side-by-side with Technical Operations, Corp IT, Platform Engineering, and our scientific teams. It's not a compliance seat that exists to satisfy published controls - it's the chance to shape our security posture from the ground up, secure high-value client data, and build the team and tooling to do it. Two things make this role distinctive. First, Alembic is "Default to Open" by design: security here must respect that maximum information sharing is basic to how we operate, while still protecting customer data and the IP - patents and trade secrets - our applied-science work generates. Balancing those is the core intellectual challenge of the job. Second, we're an AI-first company that uses many kinds of AI across everything we do; deciding which AIs operate in which containers is one of the more interesting problems you'll own.
Responsibilities
- Design and implement security controls across all environments - network segmentation and firewalling, IDS/IPS, and traffic analysis on our on-prem Kubernetes platform.
- Build and enforce host security: EDR, kernel telemetry, hardening, and baseline implementation across the fleet.
- Own identity and access - AuthN/AuthZ, RBAC, and service identity - grounded in OIDC, SAML, and mTLS.
- Stand up incident-detection pipelines (SIEM, metrics, endpoint telemetry) tuned to surface high-signal threats over noise, and lead incident response end to end: triage, containment, recovery, root-cause analysis, and forensics.
- Keep the focus on enablement over restriction - effective security, not compliance for its own sake - while balancing IP protection, customer-data protection, and broad internal information sharing.
- Partner with Legal and the CISO to obtain the compliance certifications we need and to answer customer questions about the security of our systems; hire and mentor as the security function grows.
- What Will Help You Succeed
- 8+ years in security engineering, infrastructure, or related roles.
- Strong Linux system security and networking (SSH certificates, directory-based authentication) and strong Kubernetes security (RBAC, tenant isolation, admission control).
- Real experience securing on-prem environments, not only public cloud.
- A proven track record leading real-world incidents, with familiarity with attacker techniques (lateral movement, persistence, exfiltration) and hands-on depth in EDR, IDS/IPS, and SIEM.
- Strong command of OIDC, SAML, mTLS, and cryptography-based storage security.
- Comfort writing code, automation, and tooling in Python or similar, plus configuration management via IaC (Terraform, Ansible).
- The judgment to distinguish high-signal threats from noise, make pragmatic tradeoffs in a fast-moving company, and communicate effectively with technical stakeholders.
- The role is right for you if:
- You want to shape a security posture from first principles rather than administer someone else's control framework - and you see "Default to Open" as a design constraint worth solving, not a threat to route around.
- You'd rather be in the terminal doing root-cause analysis and building detection pipelines than managing them from a slide deck, and you want to build the team around you as scope grows.
- Why You Might Be Excited About Alembic
- Hard problems with real impact: You'll secure a one-of-a-kind on-prem AI factory and protect the high-value data behind multimillion-dollar decisions at Fortune 100 companies.
- Technical autonomy: Direct access to the CTO/CISO and decision-makers, ownership over the security architecture, and the freedom to solve problems your way.
- Cutting-edge environment: Secure
Benefits
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at alembic? Share your experience