Infrastructure Security Engineer

About Snorkel At Snorkel, we believe meaningful AI doesn’t start with the model, it starts with the data. We’re on a mission to help enterprises transform expert knowledge into specialized AI at scale. The AI landscape has gone through incredible changes between 2015, when Snorkel started as a research project in the Stanford AI Lab, to the generative AI breakthroughs of today. But one thing has remained constant: the data you use to build AI is the key to achieving differentiation, high performance, and production-ready systems. We work with some of the world’s largest organizations to empower scientists, engineers, financial experts, product creators, journalists, and more to build custom AI with their data faster than ever before. Excited to help us redefine how AI is built? Apply to be the newest Snorkeler! About the Role We are seeking a Security Engineer to evolve Snorkel's security posture across our cloud infrastructure, developer platform, and product ecosystem. You will partner with the security lead to secure cloud environments, build security automation, guide cross-functional initiatives, and embed security into our engineering workflows. You will work across infrastructure, platform, product, and application teams to ensure our systems scale securely and meet the bar required for modern, cloud-native, compliance-focused environments. This is a high-impact role where your ability to work effectively with others matters as much as your technical depth. You do not need to meet every requirement listed below to apply. If you bring solid fundamentals in cloud security and are motivated to grow into the gaps, we encourage you to apply. Key Responsibilities Build and scale Infrastructure as Code (IaC) governance strategies that embed security while enabling developer velocity Operate and tune Cloud Security Posture Management (CSPM) tooling and coordinate remediation through engineering teams Investigate security events , triage incidents, identify root causes, and own remediation through resolution Architect secure AWS cloud account structures — landing zones, multi-account patterns, network segmentation, and cross-account role strategies Design and implement network security architectures using security groups, Network Access Control Lists (NACLs), subnetting, routing layers, and egress controls Establish secure-by-default design patterns across Kubernetes and containerized workloads Design, maintain, and govern Identity and Access Management (IAM) role & policy architectures for both human and machine identities Implement encryption everywhere — data-at-rest, data-in-transit, and key rotation using AWS Key Management Service (KMS) and related services Conduct threat modeling , architecture reviews, and secure design assessments for new and existing systems Assess and secure AI/ML product architectures , including trust boundaries, API boundaries, and data flow through training and inference pipelines Build secure automation through Python, AWS-native services, and policy-as-code frameworks Own complex security projects end-to-end — from discovery and design docs to implementation, rollout, and long-term ownership Align cloud security strategy with relevant frameworks (NIST CSF, ISO 27001, SOC 2, CIS benchmarks) Professional Skills Security at a growing startup is not a solo effort. This role succeeds by making the entire organization more secure through the people and teams around you. These skills are not secondary to technical ability — they shape whether security work actually lands and delivers lasting impact. Communication & Influence Communicates security risks, trade-offs, and recommendations clearly to both technical and non-technical audiences Writes concise, structured technical documentation — design docs, runbooks, postmortems, and policy proposals that others can act on without follow-up clarification Builds alignment on security priorities across teams without relying on positional authority — a small security team cannot mandate adoption; it must earn buy-in Cross-Functional Partnership Builds trust with engineering, product, and infrastructure teams by proposing solutions that balance security posture with developer velocity — security controls that teams resist or work around deliver zero impact Defaults to collaboration over enforcement — works with teams to find the right path forward rather than handing down requirements Seeks to understand the workflows, constraints, and incentives of partner teams before proposing changes — the best security solution is one the team will actually implement and maintain Ownership & Judgment Comfortable with broad ownership, context-switching, and exercising judgment without a large support structure — this role requires self-direction, not delegation Exercises sound judgment on when to push hard on a security requirement versus when to accept managed risk with comp