Infrastructure Security Engineer

Redwood City, CA (Hybrid); San Francisco, CA (Hybrid)

About Snorkel

At Snorkel, we believe meaningful AI doesn’t start with the model, it starts with the data.

We’re on a mission to help enterprises transform expert knowledge into specialized AI at scale. The AI landscape has gone through incredible changes between 2015, when Snorkel started as a research project in the Stanford AI Lab, and the generative AI breakthroughs of today. But one thing has remained constant: the data you use to build AI is the key to achieving differentiation, high performance, and production-ready systems. We work with some of the world’s largest organizations to empower scientists, engineers, financial experts, product creators, journalists, and more to build custom AI with their data faster than ever before. Excited to help us redefine how AI is built? Apply to be the newest Snorkeler!

About the Role

We are seeking a Security Engineer to evolve Snorkel's security posture across our cloud infrastructure, developer platform, and product ecosystem. You will partner with the security lead to secure cloud environments, build security automation, guide cross-functional initiatives, and embed security into our engineering workflows.

You will work across infrastructure, platform, product, and application teams to ensure our systems scale securely and meet the bar required for modern, cloud-native, compliance-focused environments. This is a high-impact role where your ability to work effectively with others matters as much as your technical depth.

You do not need to meet every requirement listed below to apply. If you bring solid fundamentals in cloud security and are motivated to grow into the gaps, we encourage you to apply.

Key Responsibilities

  • Build and scale Infrastructure as Code (IaC) governance strategies that embed security while enabling developer velocity
  • Operate and tune Cloud Security Posture Management (CSPM) tooling and coordinate remediation through engineering teams
  • Investigate security events, triage incidents, identify root causes, and own remediation through resolution
  • Architect secure AWS cloud account structures — landing zones, multi-account patterns, network segmentation, and cross-account role strategies
  • Design and implement network security architectures using security groups, Network Access Control Lists (NACLs), subnetting, routing layers, and egress controls
  • Establish secure-by-default design patterns across Kubernetes and containerized workloads
  • Design, maintain, and govern Identity and Access Management (IAM) role & policy architectures for both human and machine identities
  • Implement encryption everywhere — data-at-rest, data-in-transit, and key rotation using AWS Key Management Service (KMS) and related services
  • Conduct threat modeling, architecture reviews, and secure design assessments for new and existing systems
  • Assess and secure AI/ML product architectures, including trust boundaries, API boundaries, and data flow through training and inference pipelines
  • Build secure automation through Python, AWS-native services, and policy-as-code frameworks
  • Own complex security projects end-to-end — from discovery and design docs to implementation, rollout, and long-term ownership
  • Align cloud security strategy with relevant frameworks (NIST CSF, ISO 27001, SOC 2, CIS benchmarks)

Professional Skills

Security at a growing startup is not a solo effort. This role succeeds by making the entire organization more secure through the people and teams around you. These skills are not secondary to technical ability — they shape whether security work actually lands and delivers lasting impact.

Communication & Influence

  • Communicates security risks, trade-offs, and recommendations clearly to both technical and non-technical audiences
  • Writes concise, structured technical documentation — design docs, runbooks, postmortems, and policy proposals that others can act on without follow-up clarification
  • Builds alignment on security priorities across teams without relying on positional authority — a small security team cannot mandate adoption; it must earn buy-in

Cross-Functional Partnership

  • Builds trust with engineering, product, and infrastructure teams by proposing solutions that balance security posture with developer velocity — security controls that teams resist or work around deliver zero impact
  • Defaults to collaboration over enforcement — works with teams to find the right path forward rather than handing down requirements
  • Seeks to understand the workflows, constraints, and incentives of partner teams before proposing changes — the best security solution is one the team will actually implement and maintain

Ownership & Judgment

  • Comfortable with broad ownership, context-switching, and exercising judgment without a large support structure — this role requires self-direction, not delegation
  • Exercises sound judgment on when to push hard on a security requirement versus when to accept managed risk with compensating controls
  • Balances thoroughness with pragmatism — delivers iterative security improvements that compound over time rather than waiting for perfect solutions that never ship
  • Manages multiple concurrent initiatives with clear ownership, status communication, and escalation when blocked

Teaching & Growth

  • Multiplies impact by making others better — equips engineers across the organization to build securely by default through training, code review feedback, and accessible documentation
  • Frames security guidance as enablement rather than enforcement — helps teams understand the why behind requirements so they can make sound security choices on their own
  • Consistently seeks feedback, stays current on evolving threats and technologies, and treats gaps in knowledge as opportunities — a coachable mindset and commitment to continuous learning are essential in a domain that changes constantly

Technical Skills & Experience

The skills below are grouped into what we consider foundational for this role and additional areas where you will contribute and grow. Depth across every area is not expected — we value solid fundamentals and the ability to learn.

Foundational

  • Programming skills in Python, Go, or similar languages, with the ability to build security tooling and automation
  • Experience building and operating systems at scale in cloud-native, containerized environments
  • Proficiency with Infrastructure as Code (Terraform): writing modules, CI/CD pipelines, deployment governance, and security reviews
  • AWS cloud architecture: multi-account strategies, landing zones, environment isolation, and cross-account role design
  • Identity and Access Management (IAM): role and policy architectures, least privilege, human and machine identity patterns
  • Network security: security groups, Network Access Control Lists (NACLs), Virtual Private Cloud (VPC) design, subnet segmentation, routing layers, and egress controls

Additional Areas You'll Contribute To

  • Threat modeling and secure design assessments for new and existing systems
  • Encryption and key management: data-at-rest, data-in-transit, key rotation using AWS KMS, Secrets Manager, or HashiCorp Vault
  • Container and OS hardening: secure base images, hardened Amazon Machine Images (AMIs), runtime protections
  • Cloud Security Posture Management (CSPM) tooling — deployment, tuning, and coordinating remediation workflows through engineering teams
  • Security event investigation: triage, root cause assessment, and remediation ownership
  • Vulnerability management lifecycle: scanning, prioritization, tracking, and closure
  • AI/ML security: awareness of risks specific to AI/ML systems (prompt injection, data poisoning, model extraction, training data protection) and ability to assess trust boundaries in AI product architectures
  • Compliance and security frameworks: NIST CSF, ISO 27001, SOC 2, CIS benchmarks
  • Designing secure architectures for high-growth SaaS or cloud-native environments

Preferred Experience (Nice-to-Have)

  • Secure development lifecycle (SDLC) practices: static analysis (SAST), software composition analysis (SCA), software bill of materials (SBOM) automation, secrets scanning, or bug bounty program management
  • Incident response: digital forensics and incident response (DFIR), forensic investigation, or on-call security operations
  • Detection engineering: Security Information and Event Management (SIEM) platforms, correlation rules, alert tuning, or Security Orchestration, Automation and Response (SOAR) playbooks
  • Offensive security: penetration testing, red team exercises, or adversarial testing of AI systems
  • Multi-cloud environments (GCP, Azure) in addition to AWS
  • Zero-trust architecture practices and secure workspace design
  • Data loss prevention (DLP) strategies for protecting training data and customer data

What You'll Impact

You will embed security from code to cloud — ensuring our systems, data, customer environments, and developer workflows operate securely at scale. This role carries broad influence, high ownership, and the opportunity to shape modern cloud security architecture across the organization.

Salary Range

$200,000 - $240,000 USD

Be Your Best at Snorkel

Joining Snorkel AI means becoming part of a company that has market proven solutions, robust funding, and is scaling rapidly—offering a unique combination of stability and the excitement of high growth. As a member of our team, you’ll have meaningful opportunities to shape priorities and initiatives, influence key strategic decisions, and directly impact our ongoing success. Whether you’re looking to deepen your technical expertise, explore leadership opportunities, or learn new skills across multiple functions, you’re fully supported in building your career in an environment designed for growth, learning, and shared success.

Snorkel AI is proud to be an Equal Employment Opportunity employer and is committed to building a team that represents a variety of backgrounds, perspectives, and skills. Snorkel AI embraces diversity and provides equal employment opportunities to all employees and applicants for employment. Snorkel AI prohibits discrimination and harassment of any type on the basis of race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local law. All employment is decided on the basis of qualifications, performance, merit, and business need.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Personal Information Protection Notice for EU and UK Applicants

1.  Introduction

Snorkel AI and its subsidiaries and affiliates (“Company” or “We”) [operate/may operate] in many different countries. Some of these countries have laws related to the collection, use, transfer and disclosure of the personal information of individuals, including applicants.  We take these obligations very seriously and are committed to protecting the privacy of our current and former applicants.  

The purpose of this Personal Information Protection Notice for EU and UK Applicants (“Notice”) is to give applicants who are based in the EU and UK, (“EU and UK Applicants”) information about: what personal information we collect; how we collect, use and disclose that information and the legal grounds for us doing this; and their rights in respect of their personal information.

Snorkel AI is the data controller of your personal information and is responsible for how your personal information is processed. 

This Notice does not form part of your application or any future contract of employment and may be updated at any time.  We will provide you with a revised Notice if we make any substantial updates.  It is important you read this Notice, so that you are aware of how and why we are using your personal information.

2.  What Information We Collect About EU and UK Applicants

Before, during and after their application to the Company, including time spent on the Careers section of our website (located at https://snorkel.ai/company/) (“Snorkel Careers”), we may collect and process information about EU and UK Applicants.  We refer to such information in this Notice as “EU and UK Personal Information.”  We collect the following EU and UK Personal Information:

  • Personal Details: Name, home contact details (email, phone numbers, physical address), language(s) spoken, gender, date of birth, national identification number, social security number, disability status, emergency contact information and photograph;
  • Documentation Required under Immigration Laws: Citizenship and passport data, details of residency or work permit;
  • Talent Management Information: Details contained in letters of application and resume/CV (previous employment background, education history, professional qualifications and memberships, language and other relevant skills, certification, certification expiration dates), information necessary to complete a background check, information relating to references such as referees’ names and contact details, details on performance management ratings, development programs planned and attended, e-learning programs, performance and development reviews, willingness to relocate, driver’s license information, and information used to populate employee biographies; 
  • Any other information you provide to us: such as current salary, desired salary, employment preferences; and
  • Sensitive Information:  EU and UK Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person’s sex life or sexual orientation, and criminal conviction data. Data concerning health may include your body temperature, health symptoms and other screening information in connection with the Company’s health and safety plans and protocols, including screening required to access Company offices/facilities and other measures designed to prevent the transmission of COVID-19 or other infectious diseases. 

We ask that you avoid submitting Sensitive Information, unless such information is legally required and/or the Company requests you to submit such information.

Any information you submit through the Careers Site must be true, complete and not misleading.  Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application during the recruitment process or disciplinary action including immediate termination of your employment.  In addition, it is your responsibility to ensure that the information you submit does not violate any third party’s rights.

If you provide us with personal information of a referee or any other individual as part of your application, it is your responsibility to obtain consent from that individual prior to providing the information to us.

3.  Sources of EU and UK Personal Information

We collect EU and UK Personal Information from the following sources: 

  • EU and UK Applicants: in person, online, by telephone, or in written correspondence and forms;
  • Third-party websites: where you can apply for jobs at the Company;
  • Previous employers and other referees: in the form of employment references;
  • Background and credit check vendors: as part of the recruitment process;
  • Employment agencies and recruiters; and
  • Providers of sanctions and “politically exposed persons” screening lists.

4.  How we use and disclose EU and UK Personal Information

Legal Basis for Processing

We will only use EU and UK Personal Information when the law allows us to.  Most commonly, we will use your EU and UK Personal Information in the following circumstances: 

  • where it is necessary in order to take steps at your request prior to entering into an employment contract; 
  • where it is necessary to comply with a legal obligation (including, in respect of Sensitive Information,  obligations under employment law) on us; and
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  For example, the Company has a legitimate interest in conducting certain background checks on applicants to ensure that it is offering employment to those individuals whom it considers are most likely to be successful when working for the Company.

We may also use your EU and UK Personal Information in the following situations, which are likely to be rare:

  • where it is necessary to protect your (or someone else's) vital interests (and, in the case of Sensitive Information, where you are incapable of consenting);
  • where it is necessary for us to defend, prosecute or make a claim against you, us or a third party; and
  • in the case of Sensitive Information, where you have made the information public.

In particular, we may use your Sensitive Information, such as health/medical information, in order to accommodate a disability or illness during the recruitment process, and reduce the risk of transmission of COVID-19 or other infectious diseases should you be visiting the Company offices, your diversity-related EU and UK Personal Information (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination, and your criminal conviction data only where it is appropriate (given the role for which you are applying) and we are legally able to do so.

Purposes of Processing

We process EU and UK Personal Information for the following purposes:

  • Managing Workforce: Managing recruitment and assessing your suitability, capabilities and qualifications for a job with us, processing your application and performing background checks if we offer you a job, such as credit checks, anti-fraud checks and checks to prevent fraud and money laundering;
  • Communications: Facilitating communication with you regarding your application; 
  • Taking legal action: Pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures; and
  • Compliance and safety: Complying with legal (including, in respect of Sensitive Information, obligations under employment law) and other requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas. This includes complying with applicable public health guidelines and requirements related to the prevention and control of COVID-19 or other infectious diseases, as well as ensuring the health and safety of employees by controlling access to and monitoring our physical premises (e.g. by requiring health screenings to access Company offices/facilities).

There may be more than one purpose that justifies our use of your EU and UK Personal Information in any particular circumstance.

We will only use your EU and UK Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your EU and UK Personal Information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

If you fail to provide certain EU and UK Personal Information when requested, we may not be able to review your application, or we may be prevented from complying with our legal obligations.

Disclosures to third parties

We share EU and UK Personal Information with the following unaffiliated third parties:

  • Service Providers: Companies that provide products and services to the Company such as human resources services, IT systems suppliers and support and background check providers, recruiters and headhunters, and hosting service providers; and
  • Public and Governmental Authorities: Entities that regulate or have jurisdiction over the Company such as regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement requirements.

5.  Transfer of EU and UK Personal Information

The Company may disclose EU and UK Personal Information throughout the world to fulfill the purposes described above. This may include transferring EU and UK Personal Information to other countries (including countries other than where an EU or UK Applicant is based and located outside the European Economic Area (“EEA”) and UK) that have different data protection regimes and which are not deemed to provide an adequate level of protection for EU and UK Personal Information. To ensure that EU and UK Personal Information is sufficiently protected when transferred outside the EEA and UK the Company has put in place protective measures. Further information regarding the Company’s protective measures is available from our Data Protection Officer.

6. Data Security

The Company will take appropriate measures to protect EU and UK Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of EU and UK Personal Information.

Access to EU and UK Personal Information within the Company will be limited to those who have a need to know the information for the purposes described above, and may include personnel in HR, IT, Compliance, Legal, Finance and Accounting.  Such personnel will generally have access to EU and UK Applicants’ business contact information such as name, desired position, telephone number, postal address and email address.

The Company has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach of your EU and UK Personal Information where we are legally required to do so.

7.  Data Retention

The Company’s retention periods for EU and UK Personal Information are based on business needs and legal requirements.  We retain EU and UK Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, as set out in this Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.  When EU and UK Personal Information is no longer needed, we [either irreversibly anonymise the data (and we may further retain and use the anonymized information) or] securely destroy the data. [For more information on specific retention periods, please refer to the Company’s Data Retention Policy].

8.  Data Accuracy 

The Company will take reasonable steps to ensure that the EU and UK Personal Information processed is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice. 

9.  Automated Decisions

The Company does not envisage that you will be subject to decisions that will have a significant impact on you based solely on automated decision-making.  The Company will notify you in writing if this position changes.

10.  Your Rights

You have the right, in certain circumstances, to object to the processing of your EU and UK Personal Information.  You can exercise this right by contacting Liz Sweet, VP of People at liz.sweet@snorkel.ai.  

You also have the right, in certain circumstances, to access your EU and UK Personal Information, to correct inaccurate EU and UK Personal Information, to have your EU and UK Personal Information erased, to restrict the processing of your EU and UK Personal Information, to receive the EU and UK Personal Information you have provided to the Company in a structured, commonly used and machine-readable format for onward transmission, and to object to automated decision-making.  If you wish to exercise any of these rights, please contact Liz Sweet, VP of People at liz.sweet@snorkel.ai.  Please note that certain EU and UK Personal Information may be exempt from such access, correction, erasure, restriction and portability requests in accordance with applicable data protection laws or other laws and regulations.

You also can file a complaint with your local data protection supervisory authority.  Please contact Liz Sweet, VP of People at liz.sweet@snorkel.ai for details of the relevant authority.

11.  Your Obligations

You should keep your EU and UK Personal Information up to date and inform us of any significant changes to your EU and UK Personal Information.     

12.  Questions or Complaints

Please contact the VP of People, Liz Sweet at liz.sweet@snorkel.ai with any questions or complaints regarding this Notice or the Company’s privacy practices.

Applicant’s Acknowledgment

I acknowledge that I have received a copy of the Company’s Personal Information Protection Notice for EU and UK Applicants and that I have read and understood it.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Snorkel AI’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.