NetBox Labs is hiring a Director of Security & IT to lead and scale security across our products, platform, AI initiatives, and corporate environment. Reporting to the CTO, this technical leadership role owns DevSecOps, Product Security, AI Security & Risk, and Corporate IT / GRC. You will define how we build secure software, operate secure infrastructure, adopt AI responsibly, and run a mature internal security function.
What You'll Do
- Define and continuously evolve security architecture across multi-tenant SaaS platform, on-prem product, and distributed agent systems.
- Establish security design principles for multi-tenant isolation, IAM, secrets management, and cloud boundaries.
- Embed security into engineering workflows through partnership with Engineering Directors and Principal Engineers.
- Own governance, risk, and compliance strategy, including SOC 2 maturity and audit readiness.
- Treat AI security as a first-class domain and partner with AI leaders to shape secure AI product strategy from inception.
- Define guardrails for internal AI usage, including data access boundaries, vendor risk, model retention policies, and prompt leakage risks.
- Anticipate how AI changes privilege models, data routing, and attack surface area.
- Ensure AI adoption increases leverage without creating uncontrolled data exposure.
- Define how security is embedded into CI/CD pipelines, infrastructure-as-code, identity systems, secrets management, and software supply chain workflows.
- Guide the design of logging, detection, and response capabilities across cloud and developer environments.
- Oversee penetration testing programs and ensure findings translate into durable engineering improvements.
- Build and grow the DevSecOps capability over time, including hiring dedicated engineers to own security tooling and automation.
- Directly manage and coach the IT/InfoSec Manager and help mature the corporate IT, governance, risk, and compliance function.
- Ensure endpoint security, vendor access, onboarding/offboarding, and internal systems meet strong security standards.
- Align IT operations and compliance processes with engineering-driven security architecture.
What We're Looking For
- 10+ years in security, security engineering, or infrastructure/platform engineering roles.
- Experience leading or building security programs in a high-growth B2B SaaS company.
- Experience leading or mentoring security or infrastructure engineers.
- Strong understanding of modern cloud and platform architectures and how security integrates into them.
- Experience partnering closely with engineering teams to embed security into software development and infrastructure workflows.
- Experience securing multi-tenant SaaS products and customer-facing platforms.
- Experience operating within security and compliance frameworks such as SOC 2.
- Ability to translate security risk into pragmatic engineering decisions and business tradeoffs.
- Demonstrated hands-on use of modern AI tools internally or in product contexts, with a proactive approach to identifying and addressing emerging AI security risks.
- Experience scaling security functions in a 50+ engineer organization.
Nice to Have
- Experience securing distributed agent-based or edge systems.
- Experience with model vendor risk and data retention controls.
- Familiarity with observability systems and telemetry pipelines.
- Background in networking or infrastructure automation.
Team & Environment
You will report directly to the CTO. Our culture emphasizes owning and solving problems with high attention to detail, prioritizing simplicity over complexity, and clear communication to keep our team aligned.
