Data Security Engineer
Medal · New York, NY · 2 wk ago
On-siteInformation Technology$180k–$300k/yrFull-time
About the role
This role secures the infrastructure bridging GI's AI research and Medal's creator platform. You will harden our cloud environments, protect our data pipelines, and ensure our deployment systems are safe from supply-chain attacks and other threats.
Responsibilities
- Harden GCP (AWS equivalents fine), Kubernetes, and containers from the inside out - workload isolation, network segmentation, IAM discipline, and secure-by-default guardrails baked into Terraform, CI/CD, and deployments.
- Protect the data pipelines - encrypting and isolating the video/metadata ETL, with full logging and observability (Cloud Logging, SIEM, OpenTelemetry, Honeycomb) into how AI training data moves and is used.
- Own identity, access, and secrets - privileged-access visibility, key rotation, least-privilege baselines, workload identity, and PKI (cloud-native KMS / Secret Manager).
- Secure the software supply chain - scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners.
- Run the op-sec program - threat modeling, red-team and tabletop drills, incident response, and external pen-tests.
- Keep us compliant across creator data and AI training data.
Requirements
- You harden GCP (AWS equivalents fine), Kubernetes, and containers from the inside out - workload isolation, network segmentation, IAM discipline, and secure-by-default guardrails baked into Terraform, CI/CD, and deployments.
- You protect the data pipelines - encrypting and isolating the video/metadata ETL, with full logging and observability (Cloud Logging, SIEM, OpenTelemetry, Honeycomb) into how AI training data moves and is used.
- You own identity, access, and secrets - privileged-access visibility, key rotation, least-privilege baselines, workload identity, and PKI (cloud-native KMS / Secret Manager).
- You secure the software supply chain - scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners.
- You run the op-sec program - threat modeling, red-team and tabletop drills, incident response, and external pen-tests.
- You keep us compliant across creator data and AI training data.
Qualifications
- Experience hardening GCP (AWS equivalents fine), Kubernetes, and containers from the inside out - workload isolation, network segmentation, IAM discipline, and secure-by-default guardrails baked into Terraform, CI/CD, and deployments.
- Experience protecting data pipelines - encrypting and isolating the video/metadata ETL, with full logging and observability (Cloud Logging, SIEM, OpenTelemetry, Honeycomb) into how AI training data moves and is used.
- Experience owning identity, access, and secrets - privileged-access visibility, key rotation, least-privilege baselines, workload identity, and PKI (cloud-native KMS / Secret Manager).
- Experience securing the software supply chain - scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners.
- Experience running the op-sec program - threat modeling, red-team and tabletop drills, incident response, and external pen-tests.
- Experience keeping us compliant across creator data and AI training data.
Skills
- Strong understanding of cloud platforms (GCP, AWS)
- Experience with Kubernetes and container orchestration
- Knowledge of security best practices and tools
- Experience with CI/CD pipelines and security scanning
- Experience with threat modeling and incident response
Benefits
- Comprehensive benefits package
- Flexible work schedule
- Professional development opportunities
Pay
$180K - $300K
Schedule
Full-time