Lead Security Engineer

About Periodic Labs

The most important scientific discoveries of our time won’t happen in a traditional lab. We’re an AI and physical sciences company building state-of-the-art models to accelerate breakthroughs across materials, energy, and beyond. Backed by world-class investors and growing rapidly, we operate at the pace the frontier requires. Our team brings deep expertise, genuine ownership, and an insatiable drive to push the boundaries of what’s scientifically possible.

About the Role

You will lead, design, build, and operate security engineering at Periodic Labs. You will secure the systems that power our research and operations, including cloud environments, clusters, internal developer platforms, identity systems, secrets, SaaS access patterns, and lab-adjacent infrastructure. You will work closely with research, infra, lab, and operations teams to reduce risk without slowing down experimentation.

This is a hands-on engineering role. You will write automation, ship controls, lead incident response, and raise the bar for how we design secure systems. You will set pragmatic standards and build tooling that makes the secure path the easy path for the rest of the company.

What You’ll Do

• Own security architecture across cloud, Kubernetes, internal services, and research infrastructure

• Design and operate identity and access systems for both people and workloads, including SSO, MFA, RBAC, SCIM lifecycle automation, workload identity, and least-privilege access patterns

• Build and improve secrets management across the company, including KMS, GitHub and CI credentials, 1Password or equivalent systems, and secure service-to-service authentication

• Harden software delivery and developer workflows, including CI/CD, dependency security, build provenance, artifact integrity, and secure GitHub administration

• Lead threat modeling, secure design reviews, and risk assessments for internal platforms, lab systems, and any externally exposed products

• Build detection and response capabilities across cloud, identity, network, and endpoint telemetry, and drive incidents through containment, root cause analysis, and remediation

• Own vulnerability management and remediation automation across hosts, containers, dependencies, SaaS, and infrastructure-as-code

• Partner with infra and lab engineering on segmentation, remote access, firewall policy, certificates, DNS, and secure device-to-cloud patterns

• Set pragmatic security standards, run tabletop exercises, and help the rest of the company make sound security decisions without adding unnecessary process

You Will Thrive in This Role If You Have

• Experience building and operating security controls in AWS, GCP, or Azure and in Kubernetes-based environments

• Strong hands-on engineering with a scripting language such as Python or Bash, and Terraform

• Experience with identity systems such as Okta or Entra, SAML, OIDC, SCIM, IAM, workload identity, and least-privilege design

• Experience with secrets management and secure credential flows, including KMS, CI/CD secrets, GitHub OIDC, or service-to-service authentication

• Familiarity with secure SDLC and supply chain controls, including code review, threat modeling, dependency management, signed builds or attestations, and CI hardening

• Experience with detection and response, vulnerability management, and incident handling in fast-moving engineering environments

• Strong Linux and network security fundamentals, including segmentation, certificates, DNS, firewalls, VPNs or Tailscale, and service-to-service auth

• Experience working with researchers or platform teams where the goal is to find the optimal point in the security/velocity tradeoff

• Clear communication, strong judgment, and the ability to drive cross-functional security work

Especially Strong Candidates May Also Have

• Experience securing AI, ML, or research infrastructure

• Experience securing mixed on-prem and cloud environments, including lab-adjacent systems or physical device integration

• Experience with runtime security, eBPF, admission control, or policy-as-code

• Experience translating customer or enterprise security requirements into practical engineering controls

Mechanics

Minimum education: Bachelor’s degree or an equivalent combination of education and training or experience

Location: Our lab is located in Menlo Park and we prefer folks to be located in Menlo Park or San Francisco but can be flexible based on role

Compensation: The annual base compensation range for this role is $200,000–$250,000, commensurate with experience

Visa sponsorship: Yes, we sponsor visas and will do everything we can to assist in this process with our legal support.

We’re building a team of the world’s best — the scientists, engineers, and problem-solvers who don’t just follow the frontier, they define it. If you’re driven to bring AI to life in the physical world and make discoveries that have never been made before, you belong here.