Director of Security & IT

Netboxlabs
1 month ago
Full-time
Remote
Worldwide
Remote Other
ROLE OVERVIEW

NetBox Labs is hiring a Director of Security & IT to lead and scale security across our products, platform, AI initiatives, and corporate environment. Reporting to the CTO, this is a technical leadership role that owns DevSecOps, Product Security, AI Security & Risk, and Corporate IT / GRC.

You will define how we build secure software, operate secure infrastructure, adopt AI responsibly, and run a mature internal IT and compliance function. This is not a governance-only CISO role; it is a leadership role embedded alongside engineering that shapes long-term security direction.


WHAT YOU’LL DO


SECURITY ARCHITECTURE & PLATFORM STRATEGY

- Define and continuously evolve security architecture across our multi-tenant SaaS platform, on-prem product, and distributed agent systems.

- Establish security design principles for multi-tenant isolation, IAM, secrets management, and cloud boundaries.

- Embed security into engineering workflows through strong partnership with Engineering Directors and Principal Engineers.

- Own governance, risk, and compliance strategy, including SOC 2 maturity and audit readiness.


OWN AI SECURITY & RISK

- Treat AI security as a first-class security domain and partner with our AI leaders to shape secure AI product strategy from inception.

- Define guardrails for internal AI usage, including data access boundaries, vendor risk, model retention policies, and prompt leakage risks.

- Anticipate how AI changes privilege models, data routing, and attack surface area.

- Ensure AI adoption increases leverage without creating uncontrolled data exposure.


LEAD DEVSECOPS & SECURITY ENGINEERING

- Define how security is embedded into CI/CD pipelines, infrastructure-as-code, identity systems, secrets management, and software supply chain workflows in partnership with platform and product engineering teams.

- Guide the design of logging, detection, and response capabilities across our cloud and developer environments.

- Oversee penetration testing programs and ensure findings translate into durable engineering improvements.

- Build and grow the DevSecOps capability over time, including hiring dedicated engineers to own security tooling and automation.

- Oversee the Security Champions program across engineering teams, enabling cross-functional representatives to promote security awareness, share best practices, and embed secure development practices into everyday engineering work.


LEAD CORPORATE IT & GOVERNANCE, RISK & COMPLIANCE

- Directly manage and coach the IT/InfoSec Manager and help mature the corporate IT, governance, risk, and compliance function.

- Ensure endpoint security, vendor access, onboarding/offboarding, and internal systems meet strong security standards.

- Align IT operations and compliance processes with engineering-driven security architecture.


REQUIRED EXPERIENCE

- 10+ years in security, security engineering, or infrastructure/platform engineering roles.

- Experie