×
Register Here to Apply for Jobs or Post Jobs. X

Manager of Technology & Security Engineering

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Reflection
Full Time position
Listed on 2026-07-17
Job specializations:
  • IT/Tech
    Cybersecurity, Security Management & Operations, Information Security
Salary/Wage Range or Industry Benchmark: 260000 - 360000 USD Yearly USD 260000.00 360000.00 YEAR
Job Description & How to Apply Below

Our Mission

Reflection is a research lab making intelligence open and accessible for everyone to use, customize, and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.

Role Overview

The Head of Technology & Security Engineering is responsible for architecting and operating the security engineering foundation that protects the organization’s corporate environment, multi-cloud research infrastructure, and multi-million-dollar GPU training capacity. This leader owns the full technical security stack — from end-user compute and zero-trust access to cloud and container security, detection engineering, and security-as-code — ensuring the organization can move at research speed without sacrificing rigor.

Sitting at the intersection of security engineering, infrastructure, and research operations, this role is uniquely positioned to define how a frontier AI company protects its most sensitive assets — model weights, training data, and GPU capacity — while preserving the low-friction environment researchers and engineers need to do their best work. The ideal candidate brings deep, hands-on technical depth alongside the executive presence to lead a security engineering function, represent the organization’s security posture to auditors and enterprise customers, and negotiate vendor and contractual risk.

This is a high-visibility, high-impact role that operates across engineering, infrastructure, legal, and physical security. Success requires the ability to design guardrails rather than gates, build systems that assume compromise, and operate credibly as both an executive leader and a hands-on builder.

What You'll Do

High-Performance End User Compute (EUC)

  • Design and manage a highly resilient corporate device fleet spanning Linux, macOS, Windows and specialized hardware such as NVIDIA GPU workstations.
  • Shift the fleet away from restrictive MDM policies toward intelligent posture verification and cryptographic device binding, reducing friction without reducing assurance.
  • Secure diverse local tool chains and developer environments without breaking the workflows researchers and engineers depend on.

Securing the Research & Training Boundary

  • Architect cloud-native security controls across multi-cloud environments that contain multi-million-dollar GPU clusters.
  • Establish IAM governance, network segmentation, and isolation boundaries appropriate to the scale and sensitivity of training infrastructure and model assets.
  • Partner with infrastructure and research teams to ensure security controls scale with GPU capacity rather than constrain it.

Phishing-Resistant Zero-Trust Access

  • Implement continuous, context-aware authorization using modern mesh networks and proxies (e.g., Tailscale, Cloudflare One).
  • Enforce hardware-backed authentication (Web Authn/FIDO2 keys) across every corporate and production plane.
  • Eliminate standing and persistent access in favor of just-in-time, verifiable authorization.

Security as Code (SaC)

  • Ensure 100% of infrastructure, endpoint configurations, IAM policies, and cloud environments are declared in code (Terraform/Pulumi).
  • Eliminate configuration drift through automated CI/CD validation and continuous compliance checks.
  • Build repeatable, auditable deployment pipelines that make security posture provable rather than assumed.

Behavioral Detection Engineering

  • Build telemetry pipelines that ingest high-fidelity logs into a cloud-native data lake to support detection at scale.
  • Detect sophisticated post-exploitation techniques, lateral movement, and living-off-the-land attacks across corporate and production environments.
  • Continuously tune detection coverage against an assumed-breach threat model, prioritizing time-to-detect and blast-radius containment.

Compliance, Audit & Vendor Risk

  • Support SOC 2, ISO 27001, FedRAMP, ISO 22237, ISO 22301, NIST CSF, customer audits, and enterprise security reviews.
  • Lead vendor risk assessments, procurement security reviews, and security-related legal contract negotiations.
  • Own front-line defenses for a frontier AI company, including physical security and data center…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary