Member of Technical Staff, Security
Physical Superintelligence · Boston, MA · 1 mo ago
HybridEngineeringFull-time
Role and Responsibilities
- Own end-to-end security strategy for PSI.
- Arcitect security into our AI platform, paid API, and enterprise customer engagements before they ship, not after.
- Application security, cloud security, identity and access management, secrets management, audit logging, and detection and response are yours to design and run.
- Lead SOC2 readiness and, at the right time, additional compliance programs such as ISO 27001 and customer-specific security questionnaires.
- Translate compliance requirements into engineering controls that engineers actually adopt, not paperwork that slows the team.
- Set the security bar in architecture and design reviews across the AI platform.
- Threat-model new runtimes, agent integrations, multi-tenant isolation, model-provider risk, training-data integrity, and customer-facing surfaces.
- Decide which risks are acceptable and which are not, with explicit reasoning the rest of the engineering team can trust.
- Build and lead the security function as PSI scales.
- Operate as the single technical security voice today; hire and grow a small high-leverage team over the next 18 months.
- Own incident response, third-party and model-provider risk, and the security relationship with enterprise customers in physics, energy, and adjacent verticals.
What We're Looking For
- Eight or more years in security engineering at scale, with a track record at companies known for security maturity (e.g., Google, Stripe, Cloudflare, Microsoft, Apple, Snowflake, Databricks, Palantir, or comparable).
- You have built security functions, not just contributed to them.
- Deep technical fluency across application security, cloud security on GCP, AWS, or Azure, identity and access management, and DevSecOps in Kubernetes-native environments.
- You read code, write Python for security tooling, and architect controls that engineers willingly adopt.
- Hands-on experience leading SOC2 or ISO 27001 readiness at a scaling company, owning the program from gap analysis through attestation.
- You know how to translate compliance language into engineering reality without slowing shipping velocity.
- Demonstrated ability to set strategy and operate without bureaucracy.
- You have been a founding or near-founding security hire at a fast-growing company; you have built threat models, incident response runbooks, and a small high-leverage team without becoming a process department.
Nice to Have
- Background in AI and ML security: model weights protection, prompt injection defense, agent supply chain, training data integrity, red teaming for LLMs.
- Public security research, conference talks at top venues (Black Hat, DEF CON, USENIX Security), CVE discovery, or substantial open-source security contributions.
- Experience designing multi-tenant isolation and security architecture in agentic systems, research platforms, or scientific computing infrastructure.
- Government clearance, classified-program background, or experience protecting IP-bearing scientific or research environments.