Location
Menlo Park, Remote
Employment Type
Full time
Department
Bits: LLMs, machine learning, infra, etc.
About Periodic Labs
We are an AI + physical sciences lab building state-of-the-art models to make novel scientific discoveries. We are well funded and growing rapidly. Team members are owners who identify and solve problems without boundaries or bureaucracy. We eagerly learn new tools and new science to push forward our mission.
About the Role
You will lead, design, build, and operate Periodic Labs’ Security and IT. You’ll own identity, endpoint, network, and SaaS security. You'll implement smooth, secure internal workflows and keep our researchers productive.
You’ll write automation, integrate systems, and set high standards for security, reliability, and user experience. You’ll work closely with research, infra, and operations to ensure our environments, including laptops, clusters, and science labs, are secure, compliant, and fast.
You might thrive in this role if you have experience with:
- Identity and SSO: Okta or Entra, SAML/OIDC/SCIM, robust RBAC and lifecycle automation
- Managing Endpoints at Scale: End-to-end ownership of macOS/Windows/Linux device lifecycle. Procurement, zero-touch provisioning, deploy and operate MDM, configuration baselines, inventory, and secure deprovisioning.
- Installing and operating Security on Devices: Deploy and maintain EDR (CrowdStrike / SentinelOne), full-disk encryption (FileVault/BitLocker), host firewall policies, USB/media controls, kernel/system extension approvals, and app allow/deny lists.
- Automating Everything: Use IaC and scripting (Terraform/Terragrunt, Ansible, Python/Bash) to codify policy, create self-service workflows, build CLI tooling
- Managing Clouds: Managing IAM and integrating systems and users in cloud environments such as AWS, GCP, or Azure
- SaaS and Directory Hygiene: Administer Google Workspace, Slack, GitHub, and other core tools. Define groups, workflows, and guardrails to minimize permissions sprawl
- Secrets management: Managing KMS, GitHub, 1Password, k8s secrets
- Zero-Trust and Networking: Implementing identity-aware access, secure Wi-Fi, DNS/certificates, and segmented networks.