Infrastructure Security Engineer

Snorkel AI
San Francisco, CA
1d
$200,000 - $240,000

About The Position

We are seeking a Security Engineer to evolve Snorkel's security posture across our cloud infrastructure, developer platform, and product ecosystem. You will partner with the security lead to secure cloud environments, build security automation, guide cross-functional initiatives, and embed security into our engineering workflows. You will work across infrastructure, platform, product, and application teams to ensure our systems scale securely and meet the bar required for modern, cloud-native, compliance-focused environments. This is a high-impact role where your ability to work effectively with others matters as much as your technical depth. You do not need to meet every requirement listed below to apply. If you bring solid fundamentals in cloud security and are motivated to grow into the gaps, we encourage you to apply.

Requirements

  • Programming skills in Python, Go, or similar languages, with the ability to build security tooling and automation
  • Experience building and operating systems at scale in cloud-native, containerized environments
  • Proficiency with Infrastructure as Code (Terraform): writing modules, CI/CD pipelines, deployment governance, and security reviews
  • AWS cloud architecture: multi-account strategies, landing zones, environment isolation, and cross-account role design
  • Identity and Access Management (IAM): role and policy architectures, least privilege, human and machine identity patterns
  • Network security: security groups, Network Access Control Lists (NACLs), Virtual Private Cloud (VPC) design, subnet segmentation, routing layers, and egress controls
  • Threat modeling and secure design assessments for new and existing systems
  • Encryption and key management: data-at-rest, data-in-transit, key rotation using AWS KMS, Secrets Manager, or HashiCorp Vault
  • Container and OS hardening: secure base images, hardened Amazon Machine Images (AMIs), runtime protections
  • Cloud Security Posture Management (CSPM) tooling — deployment, tuning, and coordinating remediation workflows through engineering teams
  • Security event investigation: triage, root cause assessment, and remediation ownership
  • Vulnerability management lifecycle: scanning, prioritization, tracking, and closure
  • AI/ML security: awareness of risks specific to AI/ML systems (prompt injection, data poisoning, model extraction, training data protection) and ability to assess trust boundaries in AI product architectures
  • Compliance and security frameworks: NIST CSF, ISO 27001, SOC 2, CIS benchmarks
  • Designing secure architectures for high-growth SaaS or cloud-native environments

Nice To Haves

  • Secure development lifecycle (SDLC) practices: static analysis (SAST), software composition analysis (SCA), software bill of materials (SBOM) automation, secrets scanning, or bug bounty program management
  • Incident response: digital forensics and incident response (DFIR), forensic investigation, or on-call security operations
  • Detection engineering: Security Information and Event Management (SIEM) platforms, correlation rules, alert tuning, or Security Orchestration, Automation and Response (SOAR) playbooks
  • Offensive security: penetration testing, red team exercises, or adversarial testing of AI systems
  • Multi-cloud environments (GCP, Azure) in addition to AWS
  • Zero-trust architecture practices and secure workspace design
  • Data loss prevention (DLP) strategies for protecting training data and customer data

Responsibilities

  • Build and scale Infrastructure as Code (IaC) governance strategies that embed security while enabling developer velocity
  • Operate and tune Cloud Security Posture Management (CSPM) tooling and coordinate remediation through engineering teams
  • Investigate security events, triage incidents, identify root causes, and own remediation through resolution
  • Architect secure AWS cloud account structures — landing zones, multi-account patterns, network segmentation, and cross-account role strategies
  • Design and implement network security architectures using security groups, Network Access Control Lists (NACLs), subnetting, routing layers, and egress controls
  • Establish secure-by-default design patterns across Kubernetes and containerized workloads
  • Design, maintain, and govern Identity and Access Management (IAM) role & policy architectures for both human and machine identities
  • Implement encryption everywhere — data-at-rest, data-in-transit, and key rotation using AWS Key Management Service (KMS) and related services
  • Conduct threat modeling, architecture reviews, and secure design assessments for new and existing systems
  • Assess and secure AI/ML product architectures, including trust boundaries, API boundaries, and data flow through training and inference pipelines
  • Build secure automation through Python, AWS-native services, and policy-as-code frameworks
  • Own complex security projects end-to-end — from discovery and design docs to implementation, rollout, and long-term ownership
  • Align cloud security strategy with relevant frameworks (NIST CSF, ISO 27001, SOC 2, CIS benchmarks)