Black Forest Labs
Security and Compliance Lead
Black Forest Labs, San Francisco, California, United States, 94199
Black Forest Labs is a cutting‑edge startup pioneering generative image and video models. Our team, which invented Stable Diffusion, Stable Video Diffusion, and FLUX.1, is currently seeking a strong security and compliance lead to work closely with our team in building and implementing world-class security and ensuring regulatory compliance across the business.
The Role:
Own and evolve the company‑wide security strategy across infrastructure, application, and corporate environments
Lead our global compliance programs (e.g., ISO 27001, SOC 2) ensuring we meet regulatory and customer trust requirements. Build and maintain relationships with auditors, ensuring smooth audit processes
Address AI‑specific compliance requirements around data usage and model governance
Build a comprehensive security program that scales with our AI training and inference infrastructure
Partner closely with engineering and DevOps to embed “secure by default” principles into our architecture and development lifecycle.
Secure our model training infrastructure: distributed GPU clusters, data pipelines, training datasets
Protect inference infrastructure: model serving endpoints, API gateways, and production deployment pipelines
Ensure secure model versioning, storage, and deployment practices
Implement access controls and audit trails for sensitive training data and model weights
Manage and scale our IT function, ensuring a secure, efficient, and user-friendly digital workplace.
Establish and maintain risk & governance structures, security policies, and incident response procedures.
Design and implement security controls for large-scale Kubernetes environments hosting training and inference workloads
Lead internal risk assessments and external audits, and build trusted relationships with auditors and customers
Create and optimise detections, playbooks, and workflows to quickly identify and respond to potential incidents
Make impactful, risk‑based security decisions aligned with business objectives
Establish security as a competitive advantage while maintaining development velocity
Ideal Experience:
5+ years of experience in security roles (Security Officer, Security Engineer, Compliance & Security Manager)
Deep understanding of infrastructure security, application security, and cloud security
Experience performing security operations or investigations involving large-scale Kubernetes environments
Track record of successfully managing compliance certifications (SOC 2, ISO 27001, etc.)
Exceptional communication and collaboration skills
An ability to lead projects with little guidance
Experience contributing to a high-growth startup environment
Experience securing cloud infrastructure (Azure) at scale
Experience with or strong interest in securing ML/AI infrastructure is highly valued