The Role
This role secures the infrastructure bridging GI's AI research and Medal's creator platform. You will harden our cloud environments, protect our data pipelines, and ensure our deployment systems are safe from supply-chain attacks and other threats.
You'll design secure-by-default foundations without slowing down research or product teams, blending off-the-shelf security tooling with custom guardrails where necessary. Your work directly reduces operational risk across both General Intuition and Medal.
What We're Looking For
- You harden GCP (AWS equivalents fine), Kubernetes, and containers from the inside out - workload isolation, network segmentation, IAM discipline, and secure-by-default guardrails baked into Terraform, CI/CD, and deployments.
- You protect the data pipelines - encrypting and isolating the video/metadata ETL, with full logging and observability (Cloud Logging, SIEM, OpenTelemetry, Honeycomb) into how AI training data moves and is used.
- You own identity, access, and secrets - privileged-access visibility, key rotation, least-privilege baselines, workload identity, and PKI (cloud-native KMS / Secret Manager).
- You secure the software supply chain - scanned builds and dependencies, artifact provenance, hardened GitHub Actions runners.
- You run the op-sec program - threat modeling, red-team and tabletop drills, incident response, and external pen-tests.
- You keep us compliant across creator data and AI training data.
Our Stack
- Cloud: GCP (GKE, Cloud Run, Cloud SQL, GCS, Pub/Sub, BigQuery), Cloudflare + Akamai edge
- IaC & CI/CD: Terraform, GitHub Actions
- Identity & secrets: Cloud IAM, workload identity, KMS / Secret Manager
- Observability: Cloud Logging, SIEM, OpenTelemetry, Honeycomb