Keystone is a premier strategy, technology, and economics firm that delivers science-led AI solutions for Fortune 500 companies. We design, deploy, and operate machine learning software that automates and optimizes complex operational and commercial decisions.
Our CoreAI Solutions Group includes world-class AI and ML practitioners with unmatched experience implementing large-scale, high-impact models that help enterprises make smarter decisions across manufacturing, supply chain, sales, and marketing. We bring transformative ideas to life—and ensure they scale, endure, and deliver measurable value.
We are based in Bellevue, WA and New York, Boston, San Francisco, and London.
Position Overview
Keystone is seeking a Principal Cybersecurity Engineer to lead the development of a security-first culture and architecture across our products, platform, and internal environment. This is a senior technical role with direct influence over how CoreAI builds, integrates, deploys, and protects its science-led software.
This role sits at the intersection of software engineering, cybersecurity, and AI—with a unique focus on leveraging AI to expedite your deliverables while extending the reach and precision of our security practices. You will shape the secure development strategy across our software lifecycle, safeguard how customers integrate with our SaaS or managed services, and defend our infrastructure and data at scale.
In addition to securing and scaling our defenses, you will act as a forward-thinking offensive engineer—leading adversarial testing, red-teaming, and simulations to surface vulnerabilities before they’re exploited.
You will collaborate directly with engineering, product, science, deployment, and customer-facing teams to set and uphold a high standard for how security is embedded into every part of our system—from CI/CD to API authentication to real-time model inference.
What You Will Do
- Design and lead a secure software development lifecycle (SSDLC) across CoreAI products and platform teams
- Develop and enforce security architecture standards for both customer-hosted and CoreAI-hosted SaaS deployments
- Build and operate security infrastructure that protects customer data and supports real-time observability, access controls, and policy enforcement
- Use AI tools to enhance code review, anomaly detection, red teaming, and response automation
- Own threat modeling, risk assessment, and vulnerability remediation processes across the company
- Lead penetration testing, adversarial simulations, and exploit research across CoreAI’s environments
- Build automated security telemetry into pipelines, APIs, and runtime systems
- Define secure-by-default standards for APIs, identity management, and data ingestion from customer systems
- Lead response efforts to security incidents, including root cause analysis, customer notification, and system hardening
- Guide engineers and product leaders with clear, context-aware security guidance and mentorship
- Track emerging threats, tools, and techniques—and proactively evolve our security posture
The Ideal Candidate
- A hands-on security expert with deep experience building secure software and infrastructure at scale
- Equally comfortable in defensive (blue team), offensive (red team), and architectural (white team) modes
- Proficient in applying AI/ML tools to security use cases, such as detection, simulation, and diagnostics
- A system thinker who understands how code, data, identity, and infrastructure interact in real-world deployments
- Strong communicator—able to engage with engineers, execs, and customers on risk, mitigation, and tradeoffs
- Familiar with securing environments in compliance with SOC 2, ISO 27001, or similar frameworks
- Motivated by impact, pragmatism, and continuous improvement
Minimum Qualifications
- 10+ years of experience in cybersecurity, software security, or application/infrastructure security roles
- Deep technical expertise in at least two of the following: network security, cloud infrastructure, software development, cryptography, identity & access management, red teaming
- Strong experience securing cloud-native platforms (AWS preferred) and CI/CD environments
- Proficient with secure coding practices, secure APIs, encryption, and access control models
- Hands-on experience using or evaluating AI/LLM tools for security operations, diagnostics, or simulation
- Experience building security tools or automating security workflows
- Strong written and verbal communication skills, especially for incident response and cross-functional guidance
Preferred Qualifications
- Experience with data-intensive systems or ML/AI-powered platforms
- Familiarity with Kubernetes, Terraform, and container security practices
- Experience securing hybrid delivery models (SaaS + on-prem + managed service)
- Hands-on use of adversarial simulation tools (e.g., Metasploit, Cobalt Strike, Atomic Red Team)
- History of mentoring engineers and shaping security culture in fast-growing product organizations
US Salary Range: $235,000 - $280,000, plus an annual discretionary bonus, 401k contribution, and competitive benefits package. Actual compensation within the range will depend upon the level the individual is hired into, based on their skills, experience, and qualifications.
At Keystone we believe diversity matters. At every level of our firm, we seek to advance and promote diversity, foster an inclusive culture, and ensure our colleagues have a deep sense of respect and belonging. If you are interested in growing your career with colleagues from varied backgrounds and cultures, consider Keystone Strategy.