About Periodic LabsWe are an AI + physical sciences lab building state of the art models to make novel scientific discoveries. We are well funded and growing rapidly. Team members are owners who identity and solve problems without boundaries or bureaucracy. We eagerly learn new tools and new science to push forward our mission.About the RoleYou will lead, design, build, and operate security engineering at Periodic Labs. You will secure the systems that power our research and operations, including cloud environments, clusters, internal developer platforms, identity systems, secrets, SaaS access patterns, and lab-adjacent infrastructure. You will work closely with research, infra, lab, and operations teams to reduce risk without slowing down experimentation.This is a hands-on engineering role. You will write automation, ship controls, lead incident response, and raise the bar for how we design secure systems. You will set pragmatic standards and build tooling that makes the secure path the easy path for the rest of the company.What You'll DoOwn security architecture across cloud, Kubernetes, internal services, and research infrastructureDesign and operate identity and access systems for both people and workloads, including SSO, MFA, RBAC, SCIM lifecycle automation, workload identity, and least-privilege access patternsBuild and improve secrets management across the company, including KMS, GitHub and CI credentials, 1Password or equivalent systems, and secure service-to-service authenticationHarden software delivery and developer workflows, including CI/CD, dependency security, build provenance, artifact integrity, and secure GitHub administrationLead threat modeling, secure design reviews, and risk assessments for internal platforms, lab systems, and any externally exposed productsBuild detection and response capabilities across cloud, identity, network, and endpoint telemetry, and drive incidents through containment, root cause analysis, and remediationOwn vulnerability management and remediation automation across hosts, containers, dependencies, SaaS, and infrastructure-as-codePartner with infra and lab engineering on segmentation, remote access, firewall policy, certificates, DNS, and secure device-to-cloud patternsSet pragmatic security standards, run tabletop exercises, and help the rest of the company make sound security decisions without adding unnecessary processYou Might Thrive in This Role If You Have Experience WithBuilding and operating security controls in AWS, GCP, or Azure and in Kubernetes-based environmentsStrong hands-on engineering with a scripting language (e.g. Python, Bash), and TerraformIdentity systems such as Okta or Entra, SAML, OIDC, SCIM, IAM, workload identity, and least-privilege designSecrets management and secure credential flows, including KMS, CI/CD secrets, GitHub OIDC, or service-to-service authenticationSecure SDLC and supply chain controls, including code review, threat modeling, dependency management, signed builds or attestations, and CI hardeningDetection and response, vulnerability management, and incident handling in fast-moving engineering environmentsLinux and network security fundamentals, including segmentation, certificates, DNS, firewalls, VPNs or Tailscale, and service-to-service authWorking with researchers or platform teams where the goal is to find the the optimal point in security/velocity tradeoff.Clear communication, strong judgment, and the ability to drive cross-functional security workEspecially Strong Candidates May Also HaveExperience securing AI, ML, or research infrastructureExperience securing mixed on-prem and cloud environments, including lab-adjacent systems or physical device integrationExperience with runtime security, eBPF, admission control, or policy-as-codeExperience translating customer or enterprise security requirements into practical engineering controls