Reflection is a research lab making intelligence open and accessible for everyone to use customize and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.
Role Overview
The Head of Technology & Security Engineering is responsible for architecting and operating the security engineering foundation that protects the organizations corporate environment multi-cloud research infrastructure and multi-million-dollar GPU training capacity. This leader owns the full technical security stack from end-user compute and zero-trust access to cloud and container security detection engineering and security-as-code ensuring the organization can move at research speed without sacrificing rigor.
Sitting at the intersection of security engineering infrastructure and research operations this role is uniquely positioned to define how a frontier AI company protects its most sensitive assets model weights training data and GPU capacity while preserving the low-friction environment researchers and engineers need to do their best work. The ideal candidate brings deep hands-on technical depth alongside the executive presence to lead a security engineering function represent the organizations security posture to auditors and enterprise customers and negotiate vendor and contractual risk.
This is a high-visibility high-impact role that operates across engineering infrastructure legal and physical security. Success requires the ability to design guardrails rather than gates build systems that assume compromise and operate credibly as both an executive leader and a hands-on builder.
What Youll Do
High-Performance End User Compute (EUC)
Design and manage a highly resilient corporate device fleet spanning Linux macOS Windows and specialized hardware such as NVIDIA GPU workstations.
Shift the fleet away from restrictive MDM policies toward intelligent posture verification and cryptographic device binding reducing friction without reducing assurance.
Secure diverse local toolchains and developer environments without breaking the workflows researchers and engineers depend on.
Securing the Research & Training Boundary
Architect cloud-native security controls across multi-cloud environments that contain multi-million-dollar GPU clusters.
Establish IAM governance network segmentation and isolation boundaries appropriate to the scale and sensitivity of training infrastructure and model assets.
Partner with infrastructure and research teams to ensure security controls scale with GPU capacity rather than constrain it.
Phishing-Resistant Zero-Trust Access
Implement continuous context-aware authorization using modern mesh networks and proxies (e.g. Tailscale Cloudflare One).
Enforce hardware-backed authentication (WebAuthn/FIDO2 keys) across every corporate and production plane.
Eliminate standing and persistent access in favor of just-in-time verifiable authorization.
Security as Code (SaC)
Ensure 100% of infrastructure endpoint configurations IAM policies and cloud environments are declared in code (Terraform/Pulumi).
Eliminate configuration drift through automated CI/CD validation and continuous compliance checks.
Build repeatable auditable deployment pipelines that make security posture provable rather than assumed.
Behavioral Detection Engineering
Build telemetry pipelines that ingest high-fidelity logs into a cloud-native data lake to support detection at scale.
Detect sophisticated post-exploitation techniques lateral movement and living-off-the-land attacks across corporate and production environments.
Continuously tune detection coverage against an assumed-breach threat model prioritizing time-to-detect and blast-radius containment.
Compliance Audit & Vendor Risk
Support SOC 2 ISO 27001 FedRAMP ISO 22237 ISO 22301 NIST CSF customer audits and enterprise security reviews.
Lead vendor risk assessments procurement security reviews and security-related legal contract negotiations.
Own front-line defenses for a frontier AI company including physical security and data center security operations.
What Were Looking For
Experience & Background
20 years of deep engineering experience at high-valuation companies or in defense-grade environments.
Battle-tested technical leadership with a track record of building and operating security engineering functions at scale.
Experience supporting SOC 2 ISO 27001 FedRAMP ISO 22237 ISO 22301 NIST CSF customer audits and enterprise security reviews.
Experience leading vendor risk procurement security reviews and legal contract negotiations.
Experience with front-line defenses for an AI company including physical security and data center security operations.
Skills & Capabilities
Deep familiarity with Linux and macOS internals including how to secure specialized hardware (NVIDIA GPUs) without breaking developer environments.
Expert-level knowledge of public cloud architectures IAM governance at scale and Kubernetes/container isolation primitives.
Technical understanding of cloud and infrastructure security Kubernetes and container security zero-trust architectures security operations at scale identity and access management detection and response technologies and security automation and orchestration.
Ability to operate as both an executive leader and a hands-on builder moving fluidly between strategy and implementation.
Mindset & Approach
A guardrails not gates philosophy understands that blocking a researcher from pulling a Python library or mounting a filesystem means security has failed and builds accordingly using virtualization sandboxing and data isolation.
An adversarial mindset that designs systems under the assumption the endpoint will be compromised focusing defenses on limiting blast radius eliminating persistent access and detecting post-compromise activity immediately.
Motivated by building comfortable operating in ambiguous fast-moving environments where security infrastructure is maturing alongside a rapidly scaling research organization.
What We Offer:
We believe that to make intelligence open and accessible to all you need to start at the foundation. Joining Reflection means building from the ground up as part of a talent-dense team. You will help define our future as a company and help define the future of open foundational models.
We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
Top-tier compensation: Salary and equity structured to recognize and retain our talent globally.
Stock options: Everyone who joins and contributes to Reflections success gets to share in the upside through stock options.
Health & wellness: Comprehensive medical dental vision and life with an annual wellness allowance.
Meals: Lunch and dinner are provided in the office daily.
Life & family: 22 weeks paid parental leave for all new birthing and non-birthing parents including adoptive and surrogate journeys.
Vacation days: Unlimited paid time off in the U.S. and 30 days in the U.K.
Sponsorship support: We sponsor visas to help exceptional talent join our team and support long-term immigration pathways where applicable.
Team building: We have regular off-sites happy hours and team celebrations.
Export Control Notice: This position may require access to technology or source code subject to the U.S. Export Administration Regulations. Any offer of employment for this role may be conditioned on the Companys ability to provide the candidate with access to such technology or source code in compliance with applicable U.S. export control laws which may require the Company to seek government authorization.
Required Experience:
Manager
Our MissionReflection is a research lab making intelligence open and accessible for everyone to use customize and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.Role Overview The Hea...
Our Mission
Reflection is a research lab making intelligence open and accessible for everyone to use customize and build on. We build open models that let anyone control their intelligence and help shape the future of AI. Our mission: make intelligence open and accessible to all.
Role Overview
The Head of Technology & Security Engineering is responsible for architecting and operating the security engineering foundation that protects the organizations corporate environment multi-cloud research infrastructure and multi-million-dollar GPU training capacity. This leader owns the full technical security stack from end-user compute and zero-trust access to cloud and container security detection engineering and security-as-code ensuring the organization can move at research speed without sacrificing rigor.
Sitting at the intersection of security engineering infrastructure and research operations this role is uniquely positioned to define how a frontier AI company protects its most sensitive assets model weights training data and GPU capacity while preserving the low-friction environment researchers and engineers need to do their best work. The ideal candidate brings deep hands-on technical depth alongside the executive presence to lead a security engineering function represent the organizations security posture to auditors and enterprise customers and negotiate vendor and contractual risk.
This is a high-visibility high-impact role that operates across engineering infrastructure legal and physical security. Success requires the ability to design guardrails rather than gates build systems that assume compromise and operate credibly as both an executive leader and a hands-on builder.
What Youll Do
High-Performance End User Compute (EUC)
Design and manage a highly resilient corporate device fleet spanning Linux macOS Windows and specialized hardware such as NVIDIA GPU workstations.
Shift the fleet away from restrictive MDM policies toward intelligent posture verification and cryptographic device binding reducing friction without reducing assurance.
Secure diverse local toolchains and developer environments without breaking the workflows researchers and engineers depend on.
Securing the Research & Training Boundary
Architect cloud-native security controls across multi-cloud environments that contain multi-million-dollar GPU clusters.
Establish IAM governance network segmentation and isolation boundaries appropriate to the scale and sensitivity of training infrastructure and model assets.
Partner with infrastructure and research teams to ensure security controls scale with GPU capacity rather than constrain it.
Phishing-Resistant Zero-Trust Access
Implement continuous context-aware authorization using modern mesh networks and proxies (e.g. Tailscale Cloudflare One).
Enforce hardware-backed authentication (WebAuthn/FIDO2 keys) across every corporate and production plane.
Eliminate standing and persistent access in favor of just-in-time verifiable authorization.
Security as Code (SaC)
Ensure 100% of infrastructure endpoint configurations IAM policies and cloud environments are declared in code (Terraform/Pulumi).
Eliminate configuration drift through automated CI/CD validation and continuous compliance checks.
Build repeatable auditable deployment pipelines that make security posture provable rather than assumed.
Behavioral Detection Engineering
Build telemetry pipelines that ingest high-fidelity logs into a cloud-native data lake to support detection at scale.
Detect sophisticated post-exploitation techniques lateral movement and living-off-the-land attacks across corporate and production environments.
Continuously tune detection coverage against an assumed-breach threat model prioritizing time-to-detect and blast-radius containment.
Compliance Audit & Vendor Risk
Support SOC 2 ISO 27001 FedRAMP ISO 22237 ISO 22301 NIST CSF customer audits and enterprise security reviews.
Lead vendor risk assessments procurement security reviews and security-related legal contract negotiations.
Own front-line defenses for a frontier AI company including physical security and data center security operations.
What Were Looking For
Experience & Background
20 years of deep engineering experience at high-valuation companies or in defense-grade environments.
Battle-tested technical leadership with a track record of building and operating security engineering functions at scale.
Experience supporting SOC 2 ISO 27001 FedRAMP ISO 22237 ISO 22301 NIST CSF customer audits and enterprise security reviews.
Experience leading vendor risk procurement security reviews and legal contract negotiations.
Experience with front-line defenses for an AI company including physical security and data center security operations.
Skills & Capabilities
Deep familiarity with Linux and macOS internals including how to secure specialized hardware (NVIDIA GPUs) without breaking developer environments.
Expert-level knowledge of public cloud architectures IAM governance at scale and Kubernetes/container isolation primitives.
Technical understanding of cloud and infrastructure security Kubernetes and container security zero-trust architectures security operations at scale identity and access management detection and response technologies and security automation and orchestration.
Ability to operate as both an executive leader and a hands-on builder moving fluidly between strategy and implementation.
Mindset & Approach
A guardrails not gates philosophy understands that blocking a researcher from pulling a Python library or mounting a filesystem means security has failed and builds accordingly using virtualization sandboxing and data isolation.
An adversarial mindset that designs systems under the assumption the endpoint will be compromised focusing defenses on limiting blast radius eliminating persistent access and detecting post-compromise activity immediately.
Motivated by building comfortable operating in ambiguous fast-moving environments where security infrastructure is maturing alongside a rapidly scaling research organization.
What We Offer:
We believe that to make intelligence open and accessible to all you need to start at the foundation. Joining Reflection means building from the ground up as part of a talent-dense team. You will help define our future as a company and help define the future of open foundational models.
We want you to do the most impactful work of your career with the confidence that you and the people you care about most are supported.
Top-tier compensation: Salary and equity structured to recognize and retain our talent globally.
Stock options: Everyone who joins and contributes to Reflections success gets to share in the upside through stock options.
Health & wellness: Comprehensive medical dental vision and life with an annual wellness allowance.
Meals: Lunch and dinner are provided in the office daily.
Life & family: 22 weeks paid parental leave for all new birthing and non-birthing parents including adoptive and surrogate journeys.
Vacation days: Unlimited paid time off in the U.S. and 30 days in the U.K.
Sponsorship support: We sponsor visas to help exceptional talent join our team and support long-term immigration pathways where applicable.
Team building: We have regular off-sites happy hours and team celebrations.
Export Control Notice: This position may require access to technology or source code subject to the U.S. Export Administration Regulations. Any offer of employment for this role may be conditioned on the Companys ability to provide the candidate with access to such technology or source code in compliance with applicable U.S. export control laws which may require the Company to seek government authorization.