Infrastructure Security Engineer

About the Role

We are seeking a Security Engineer to evolve Snorkel's security posture across our cloud infrastructure, developer platform, and product ecosystem. You will partner with the security lead to secure cloud environments, build security automation, guide cross-functional initiatives, and embed security into our engineering workflows.

You will work across infrastructure, platform, product, and application teams to ensure our systems scale securely and meet the bar required for modern, cloud-native, compliance-focused environments. This is a high-impact role where your ability to work effectively with others matters as much as your technical depth.

You do not need to meet every requirement listed below to apply. If you bring solid fundamentals in cloud security and are motivated to grow into the gaps, we encourage you to apply.

Key Responsibilities

• Build and scale Infrastructure as Code (IaC) governance strategies that embed security while enabling developer velocity
• Operate and tune Cloud Security Posture Management (CSPM) tooling and coordinate remediation through engineering teams
• Investigate security events, triage incidents, identify root causes, and own remediation through resolution
• Architect secure AWS cloud account structures — landing zones, multi-account patterns, network segmentation, and cross-account role strategies
• Design and implement network security architectures using security groups, Network Access Control Lists (NACLs), subnetting, routing layers, and egress controls
• Establish secure-by-default design patterns across Kubernetes and containerized workloads
• Design, maintain, and govern Identity and Access Management (IAM) role & policy architectures for both human and machine identities
• Implement encryption everywhere — data-at-rest, data-in-transit, and key rotation using AWS Key Management Service (KMS) and related services
• Conduct threat modeling, architecture reviews, and secure design assessments for new and existing systems
• Assess and secure AI/ML product architectures, including trust boundaries, API boundaries, and data flow through training and inference pipelines
• Build secure automation through Python, AWS-native services, and policy-as-code frameworks
• Own complex security projects end-to-end — from discovery and design docs to implementation, rollout, and long-term ownership
• Align cloud security strategy with relevant frameworks (NIST CSF, ISO 27001, SOC 2, CIS benchmarks)

Professional Skills

Security at a growing startup is not a solo effort. This role succeeds by making the entire organization more secure through the people and teams around you. These skills are not secondary to technical ability — they shape whether security work actually lands and delivers lasting impact.

Communication & Influence

• Communicates security risks, trade-offs, and recommendations clearly to both technical and non-technical audiences
• Writes concise, structured technical documentation — design docs, runbooks, postmortems, and policy proposals that others can act on without follow-up clarification
• Builds alignment on security priorities across teams without relying on positional authority — a small security team cannot mandate adoption; it must earn buy-in

Cross-Functional Partnership

• Builds trust with engineering, product, and infrastructure teams by proposing solutions that balance security posture with developer velocity — security controls that teams resist or work around deliver zero impact
• Defaults to collaboration over enforcement — works with teams to find the right path forward rather than handing down requirements
• Seeks to understand the workflows, constraints, and incentives of partner teams before proposing changes — the best security solution is one the team will actually implement and maintain

Ownership & Judgment

• Comfortable with broad ownership, context-switching, and exercising judgment without a large support structure — this role requires self-direction, not delegation
• Exercises sound judgment on when to push hard on a security requirement versus when to accept managed risk with compensating controls
• Balances thoroughness with pragmatism — delivers iterative security improvements that compound over time rather than waiting for perfect solutions that never ship
• Manages multiple concurrent initiatives with clear ownership, status communication, and escalation when blocked

Teaching & Growth

• Multiplies impact by making others better — equips engineers across the organization to build securely by default through training, code review feedback, and accessible documentation
• Frames security guidance as enablement rather than enforcement — helps teams understand the why behind requirements so they can make sound security choices on their own
• Consistently seeks feedback, stays current on evolving threats and technologies, and treats gaps in knowledge as opportunities — a coachable mindset and commitment to continuous learning are essential in a domain that changes constantly

Technical Skills & Experience

The skills below are grouped into what we consider foundational for this role and additional areas where you will contribute and grow. Depth across every area is not expected — we value solid fundamentals and the ability to learn.

Foundational

• Programming skills in Python, Go, or similar languages, with the ability to build security tooling and automation
• Experience building and operating systems at scale in cloud-native, containerized environments
• Proficiency with Infrastructure as Code (Terraform): writing modules, CI/CD pipelines, deployment governance, and security reviews
• AWS cloud architecture: multi-account strategies, landing zones, environment isolation, and cross-account role design
• Identity and Access Management (IAM): role and policy architectures, least privilege, human and machine identity patterns
• Network security: security groups, Network Access Control Lists (NACLs), Virtual Private Cloud (VPC) design, subnet segmentation, routing layers, and egress controls

Additional Areas You'll Contribute To

• Threat modeling and secure design assessments for new and existing systems
• Encryption and key management: data-at-rest, data-in-transit, key rotation using AWS KMS, Secrets Manager, or HashiCorp Vault
• Container and OS hardening: secure base images, hardened Amazon Machine Images (AMIs), runtime protections
• Cloud Security Posture Management (CSPM) tooling — deployment, tuning, and coordinating remediation workflows through engineering teams
• Security event investigation: triage, root cause assessment, and remediation ownership
• Vulnerability management lifecycle: scanning, prioritization, tracking, and closure
• AI/ML security: awareness of risks specific to AI/ML systems (prompt injection, data poisoning, model extraction, training data protection) and ability to assess trust boundaries in AI product architectures
• Compliance and security frameworks: NIST CSF, ISO 27001, SOC 2, CIS benchmarks
• Designing secure architectures for high-growth SaaS or cloud-native environments

Preferred Experience (Nice-to-Have)

• Secure development lifecycle (SDLC) practices: static analysis (SAST), software composition analysis (SCA), software bill of materials (SBOM) automation, secrets scanning, or bug bounty program management
• Incident response: digital forensics and incident response (DFIR), forensic investigation, or on-call security operations
• Detection engineering: Security Information and Event Management (SIEM) platforms, correlation rules, alert tuning, or Security Orchestration, Automation and Response (SOAR) playbooks
• Offensive security: penetration testing, red team exercises, or adversarial testing of AI systems
• Multi-cloud environments (GCP, Azure) in addition to AWS
• Zero-trust architecture practices and secure workspace design
• Data loss prevention (DLP) strategies for protecting training data and customer data

What You'll Impact

You will embed security from code to cloud — ensuring our systems, data, customer environments, and developer workflows operate securely at scale. This role carries broad influence, high ownership, and the opportunity to shape modern cloud security architecture across the organization.