Venon Solutions is seeking a Fractional Security Engineer/Sandbox Security Lead to conduct security audits and implement security controls. The role involves collaborating with an AI engineering team to build a secure framework for enterprise compliance and trust.
Responsibilities:
- Perform an initial security audit of the Sandbox environment, including architecture review, vulnerability assessment, data flows, AI model integrations, and access controls
- Design and implement core security controls: authentication/authorization (e.g., SSO, RBAC, MFA), encryption (at-rest and in-transit), logging/monitoring, and secure API practices
- Establish secure development and deployment practices (DevSecOps): CI/CD security scanning, container security (Docker/K8s), IaC security, and secrets management
- Advise on compliance with relevant standards (e.g., SOC 2, ISO 27001, GDPR, or client-specific enterprise requirements) and help prepare for formal audits
- Collaborate with the full-stack AI engineering team on secure integration of AI/ML models, video processing pipelines (e.g., FFmpeg/OpenCV-related), and cloud resources (AWS/GCP/Azure)
- Develop security documentation, policies, incident response playbooks, and training/guidance for the team
- Identify and prioritize quick wins vs. longer-term roadmap items; provide regular progress updates and risk reports to leadership
- Support ongoing security operations, threat monitoring, and response as needed (part-time scope)
Requirements:
- Advanced English level (B2/C1/C2) to ensure fluent communication
- 5+ years in cybersecurity, with 2+ years focused on cloud/AI/ML or SaaS platforms (preferably involving media, video, or creative tools)
- Strong Hands-on Experience With Cloud security (AWS, GCP, or Azure — IAM, VPC, WAF, GuardDuty/Security Hub, etc.)
- Strong Hands-on Experience With Container and orchestration security (Docker, Kubernetes)
- Strong Hands-on Experience With Secure coding practices, vulnerability management, and penetration testing concepts
- Strong Hands-on Experience With API security, OAuth, JWT, and modern auth frameworks
- Familiarity with AI/ML production risks (model poisoning, data leakage, inference attacks, etc.) is a strong plus
- Experience conducting security audits and building security programs from the ground up in fast-paced startup environments
- Excellent communication and collaboration skills — able to translate technical risks for product/leadership stakeholders
- Prior work in creative industries, video production tools, or enterprise e-commerce
- Certifications (e.g., CISSP, CISM, CCSP, AWS Security)
- Experience with FFmpeg/OpenCV ecosystems or AI content pipelines