
Type: Project-based, 12 months with possible extension
Location: Fully remote, 4+ hours overlap with PST
We're supporting a Series B fintech that is rebuilding credit scoring with alternative data. Their AI models handle sensitive financial information, and scaling securely is non-negotiable.
Responsibilities:
Design and enforce secure architecture for their multi-account AWS environment, focusing on the ML pipeline (SageMaker, EKS clusters, feature stores).
Implement granular, just-in-time access controls for data science teams working with regulated data.
Build the security layer for their CI/CD and GitOps workflows (ArgoCD, Terraform). Shift security left.
Automate compliance checks (SOC 2, GDPR) for infrastructure-as-code and containerized workloads.
What You'll Build & Harden:
Infrastructure Security: Secure network architecture (VPC, security groups, NACLs) for AI workloads. Implement guardrails via AWS Control Tower or Terraform.
Identity & Data: Fine-grained IAM policies and service accounts for Kubernetes. Encryption in transit/at rest for model artifacts and training data.
Pipeline Security: Security scanning for container images and ML model dependencies in CI. Secrets management for model serving.
Monitoring & Response: Detective controls for anomalous behavior in the ML pipeline (e.g., unusual model access, large data extraction).
Requirements:
Experience with securing AWS environments for data-intensive or ML applications (4+ years).
Experience with Kubernetes security (pod security policies/admission controllers, network policies).
Fluency in infrastructure-as-code (Terraform preferred) and scripting (Python, Go).
Ability to translate compliance requirements (SOC 2, GDPR) into technical controls.
Differentiator:
Experience with security for ML platforms (SageMaker, MLflow, Kubeflow) or big data stacks (Spark, Kafka).