About Snorkel
At Snorkel, we believe meaningful AI doesn’t start with the model, it starts with the data.
We’re on a mission to help enterprises transform expert knowledge into specialized AI at scale. The AI landscape has gone through incredible changes between 2015, when Snorkel started as a research project in the Stanford AI Lab, to the generative AI breakthroughs of today. But one thing has remained constant: the data you use to build AI is the key to achieving differentiation, high performance, and production-ready systems. We work with some of the world’s largest organizations to empower scientists, engineers, financial experts, product creators, journalists, and more to build custom AI with their data faster than ever before. Excited to help us redefine how AI is built? Apply to be the newest Snorkeler!
About the Role
We are seeking a Security Engineer to evolve Snorkel's security posture across our cloud infrastructure, developer platform, and product ecosystem. You will partner with the security lead to secure cloud environments, build security automation, guide cross-functional initiatives, and embed security into our engineering workflows.
You will work across infrastructure, platform, product, and application teams to ensure our systems scale securely and meet the bar required for modern, cloud-native, compliance-focused environments. This is a high-impact role where your ability to work effectively with others matters as much as your technical depth.
You do not need to meet every requirement listed below to apply. If you bring solid fundamentals in cloud security and are motivated to grow into the gaps, we encourage you to apply.
Key Responsibilities
- Build and scale Infrastructure as Code (IaC) governance strategies that embed security while enabling developer velocity
- Operate and tune Cloud Security Posture Management (CSPM) tooling and coordinate remediation through engineering teams
- Investigate security events, triage incidents, identify root causes, and own remediation through resolution
- Architect secure AWS cloud account structures — landing zones, multi-account patterns, network segmentation, and cross-account role strategies
- Design and implement network security architectures using security groups, Network Access Control Lists (NACLs), subnetting, routing layers, and egress controls
- Establish secure-by-default design patterns across Kubernetes and containerized workloads
- Design, maintain, and govern Identity and Access Management (IAM) role & policy architectures for both human and machine identities
- Implement encryption everywhere — data-at-rest, data-in-transit, and key rotation using AWS Key Management Service (KMS) and related services
- Conduct threat modeling, architecture reviews, and secure design assessments for new and existing systems
- Assess and secure AI/ML product architectures, including trust boundaries, API boundaries, and data flow through training and inference pipelines
- Build secure automation through Python, AWS-native services, and policy-as-code frameworks
- Own complex security projects end-to-end — from discovery and design docs to implementation, rollout, and long-term ownership
- Align cloud security strategy with relevant frameworks (NIST CSF, ISO 27001, SOC 2, CIS benchmarks)
Professional Skills
Security at a growing startup is not a solo effort. This role succeeds by making the entire organization more secure through the people and teams around you. These skills are not secondary to technical ability — they shape whether security work actually lands and delivers lasting impact.
Communication & Influence
- Communicates security risks, trade-offs, and recommendations clearly to both technical and non-technical audiences
- Writes concise, structured technical documentation — design docs, runbooks, postmortems, and policy proposals that others can act on without follow-up clarification
- Builds alignment on security priorities across teams without relying on positional authority — a small security team cannot mandate adoption; it must earn buy-in
Cross-Functional Partnership
- Builds trust with engineering, product, and infrastructure teams by proposing solutions that balance security posture with developer velocity — security controls that teams resist or work around deliver zero impact
- Defaults to collaboration over enforcement — works with teams to find the right path forward rather than handing down requirements
- Seeks to understand the workflows, constraints, and incentives of partner teams before proposing changes — the best security solution is one the team will actually implement and maintain
Ownership & Judgment
- Comfortable with broad ownership, context-switching, and exercising judgment without a large support structure — this role requires self-direction, not delegation
- Exercises sound judgment on when to push hard on a security requirement versus when to accept managed risk with compensating controls
- Balances thoroughness with pragmatism — delivers iterative security improvements that compound over time rather than waiting for perfect solutions that never ship
- Manages multiple concurrent initiatives with clear ownership, status communication, and escalation when blocked
Teaching & Growth
- Multiplies impact by making others better — equips engineers across the organization to build securely by default through training, code review feedback, and accessible documentation
- Frames security guidance as enablement rather than enforcement — helps teams understand the why behind requirements so they can make sound security choices on their own
- Consistently seeks feedback, stays current on evolving threats and technologies, and treats gaps in knowledge as opportunities — a coachable mindset and commitment to continuous learning are essential in a domain that changes constantly
Technical Skills & Experience
The skills below are grouped into what we consider foundational for this role and additional areas where you will contribute and grow. Depth across every area is not expected — we value solid fundamentals and the ability to learn.
Foundational
- Programming skills in Python, Go, or similar languages, with the ability to build security tooling and automation
- Experience building and operating systems at scale in cloud-native, containerized environments
- Proficiency with Infrastructure as Code (Terraform): writing modules, CI/CD pipelines, deployment governance, and security reviews
- AWS cloud architecture: multi-account strategies, landing zones, environment isolation, and cross-account role design
- Identity and Access Management (IAM): role and policy architectures, least privilege, human and machine identity patterns
- Network security: security groups, Network Access Control Lists (NACLs), Virtual Private Cloud (VPC) design, subnet segmentation, routing layers, and egress controls
Additional Areas You'll Contribute To
- Threat modeling and secure design assessments for new and existing systems
- Encryption and key management: data-at-rest, data-in-transit, key rotation using AWS KMS, Secrets Manager, or HashiCorp Vault
- Container and OS hardening: secure base images, hardened Amazon Machine Images (AMIs), runtime protections
- Cloud Security Posture Management (CSPM) tooling — deployment, tuning, and coordinating remediation workflows through engineering teams
- Security event investigation: triage, root cause assessment, and remediation ownership
- Vulnerability management lifecycle: scanning, prioritization, tracking, and closure
- AI/ML security: awareness of risks specific to AI/ML systems (prompt injection, data poisoning, model extraction, training data protection) and ability to assess trust boundaries in AI product architectures
- Compliance and security frameworks: NIST CSF, ISO 27001, SOC 2, CIS benchmarks
- Designing secure architectures for high-growth SaaS or cloud-native environments
Preferred Experience (Nice-to-Have)
- Secure development lifecycle (SDLC) practices: static analysis (SAST), software composition analysis (SCA), software bill of materials (SBOM) automation, secrets scanning, or bug bounty program management
- Incident response: digital forensics and incident response (DFIR), forensic investigation, or on-call security operations
- Detection engineering: Security Information and Event Management (SIEM) platforms, correlation rules, alert tuning, or Security Orchestration, Automation and Response (SOAR) playbooks
- Offensive security: penetration testing, red team exercises, or adversarial testing of AI systems
- Multi-cloud environments (GCP, Azure) in addition to AWS
- Zero-trust architecture practices and secure workspace design
- Data loss prevention (DLP) strategies for protecting training data and customer data
What You'll Impact
You will embed security from code to cloud — ensuring our systems, data, customer environments, and developer workflows operate securely at scale. This role carries broad influence, high ownership, and the opportunity to shape modern cloud security architecture across the organization.
Salary Range
$200,000—$240,000 USD
Be Your Best at Snorkel
Joining Snorkel AI means becoming part of a company that has market proven solutions, robust funding, and is scaling rapidly—offering a unique combination of stability and the excitement of high growth. As a member of our team, you’ll have meaningful opportunities to shape priorities and initiatives, influence key strategic decisions, and directly impact our ongoing success. Whether you’re looking to deepen your technical expertise, explore leadership opportunities, or learn new skills across multiple functions, you’re fully supported in building your career in an environment designed for growth, learning, and shared success.
Snorkel AI is proud to be an Equal Employment Opportunity employer and is committed to building a team that represents a variety of backgrounds, perspectives, and skills. Snorkel AI embraces diversity and provides equal employment opportunities to all employees and applicants for employment. Snorkel AI prohibits discrimination and harassment of any type on the basis of race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local law. All employment is decided on the basis of qualifications, performance, merit, and business need.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.