Apollo Research

Principal Security Engineer

London, Full Time
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable.

THE OPPORTUNITY

We're looking for a Principal Security Engineer to own security at Apollo Research from end to end. You'll be the first dedicated security hire at Apollo. Security at Apollo exists to maintain the trust of our frontier AI lab partners and enable our research mission. This role sits within the engineering team and reports directly to the CEO.

YOU HAVE THE OPPORTUNITY TO

- Build and own Apollo's security programme. Own the security roadmap, conduct risk assessments, and evolve the programme as the org grows. You decide what Apollo's security posture needs to look like given our size, threat model, and partner relationships.
- Maintain the trust of our frontier AI lab partners. Become the primary security point of contact for partner security teams. Build relationships with partner CISOs, produce and maintain technical documentation on Apollo's security practices, and demonstrate that our security posture meets the bar required for our ongoing partnerships. 
- Set security direction for engineering. Define security principles and AppSec strategy which the engineering team implements. Build paved roads that make the secure path easy for engineers.
- Define how Apollo uses AI tools, agents, and integrations. Decide what's approved, what data can go where, and how new tools get vetted. This is a live and evolving challenge, and you'll need to balance security with the fact that researchers need to use cutting-edge tools to do their jobs.
- Own the security tooling stack and automate security operations. Select, implement, and manage security controls including EDR/MDR, endpoint management, email protection, and identity management. Automate wherever possible: zero-touch deployments, IaC for security tooling, automated provisioning and deprovisioning.
- Drive compliance and certification. Lead certification efforts (ISO 27001, SOC 2) as needed to meet partner requirements. Automate where needed and treat compliance as a byproduct of good security practice.
- Own IT administration across the organisation. Manage Google Workspace, define access policies, and build secure onboarding and offboarding processes.

WHAT WE'RE LOOKING FOR

- Engineering mindset. You treat security operations and GRC as engineering problems. You reach for automation and systems solutions over manual processes.
- Pragmatism. You understand that security exists to enable Apollo's mission and maintain partner trust, and you tailor your advice to our risk profile.
- Leadership. You are capable of building out our security programme from scratch. 
- Hands-on. In addition to leading the security programme, you are willing and able to drive implementation yourself.
- Speed. You make good-enough decisions quickly and execute fast once a decision is made.
- Adaptability to new developments. You have a strong base of knowledge that enables you to make decisions under uncertainty as AI tooling and the threat landscape evolve.
- Stakeholder credibility. Non-security people trust you internally, and you can credibly represent Apollo to lab partner security teams externally.