Data Security Engineer

General Intuition & MedalNew York, NY
$150,000 - $300,000

About The Position

This role secures the infrastructure bridging GI's AI research and Medal's creator platform. You will harden our cloud environments, protect our data pipelines, and ensure our deployment systems are safe from supply-chain attacks and other threats. You'll design secure-by-default foundations without slowing down research or product teams, blending off-the-shelf security tooling with custom guardrails where necessary. Your work directly reduces operational risk across both General Intuition and Medal.

Requirements

  • Experience hardening GCP, Kubernetes, and containers.
  • Experience with workload isolation, network segmentation, and IAM discipline.
  • Experience with Terraform, CI/CD, and deployments.
  • Experience encrypting and isolating data pipelines (video/metadata ETL).
  • Experience with logging and observability tools (Cloud Logging, SIEM, OpenTelemetry, Honeycomb).
  • Experience with identity, access, and secrets management (privileged-access visibility, key rotation, least-privilege baselines, workload identity, PKI).
  • Experience with cloud-native KMS / Secret Manager.
  • Experience securing software supply chains (scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners).
  • Experience with op-sec programs (threat modeling, red-team and tabletop drills, incident response, external pen-tests).
  • Experience with creator data and AI training data compliance.

Responsibilities

  • Harden GCP (AWS equivalents fine), Kubernetes, and containers from the inside out - workload isolation, network segmentation, IAM discipline, and secure-by-default guardrails baked into Terraform, CI/CD, and deployments.
  • Protect the data pipelines - encrypting and isolating the video/metadata ETL, with full logging and observability (Cloud Logging, SIEM, OpenTelemetry, Honeycomb) into how AI training data moves and is used.
  • Own identity, access, and secrets - privileged-access visibility, key rotation, least-privilege baselines, workload identity, and PKI (cloud-native KMS / Secret Manager).
  • Secure the software supply chain - scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners.
  • Run the op-sec program - threat modeling, red-team and tabletop drills, incident response, and external pen-tests.
  • Keep us compliant across creator data and AI training data.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service