
About this role
Type: Project-based, 12 months with possible extension
Location: Fully remote, 4+ hours overlap with PST
We're supporting a Series B fintech that rebuilds credit scoring with alternative data. Their AI models handle sensitive financial information, and scaling securely is non-negotiable.
Responsibilities:
- Design and enforce secure architecture for their multi-account AWS environment, focusing on the ML pipeline (SageMaker, EKS clusters, feature stores).
- Implement granular, just-in-time access controls for data science teams working with regulated data.
- Build the security layer for their CI/CD and GitOps workflows (ArgoCD, Terraform). Shift security left.
- Automate compliance checks (SOC 2, GDPR) for infrastructure-as-code and containerized workloads.
What You'll Build & Harden:
- Infrastructure Security: Secure network architecture (VPC, security groups, NACLs) for AI workloads. Implement guardrails via AWS Control Tower or Terraform.
- Identity & Data: Fine-grained IAM policies and service accounts for Kubernetes. Encryption in transit/at rest for model artifacts and training data.
- Pipeline Security: Security scanning for container images and ML model dependencies in CI. Secrets management for model serving.
- Monitoring & Response: Detective controls for anomalous behavior in the ML pipeline (e.g., unusual model access, large data extraction).
Requirements:
- Experience with securing AWS environments for data-intensive or ML applications (4+ years).
- Experience with Kubernetes security (pod security policies/admission controllers, network policies).
- Fluency in infrastructure-as-code (Terraform preferred) and scripting (Python, Go).
- Ability to translate compliance requirements (SOC 2, GDPR) into technical controls.
Differentiator:
- Experience with security for ML platforms (SageMaker, MLflow, Kubeflow) or big data stacks (Spark, Kafka).