LeoLabs

• Cloud Landing Zone Design and Implementation: Design, build, and maintain secure cloud landing zones across AWS and Azure environments. Implement account and subscription structures that separate workload zones, including commercial workloads, government workloads, Corporate IT, security services, and restricted CUI/ITAR environments. Build baseline controls for new cloud accounts and subscriptions, including owner tagging, logging, security baselines, routing, encryption, key policies, break-glass review, and monitoring requirements. Support landing-zone acceptance criteria so new cloud environments are provisioned with required guardrails before workloads are deployed. • Identity, Access, and Privilege Controls: Implement federated access patterns using SAML/OIDC, IAM Identity Center, Azure Entra ID, or comparable identity platforms. Support least-privilege access, role lifecycle management, JIT/PIM/PAM workflows, service account controls, and removal of shared accounts. Help automate credential rotation, secrets management, service account governance, and break-glass monitoring. Partner with the Security team to ensure privileged cloud activity is authenticated, authorized, logged, reviewed, and tied to approved workflows. • Cloud Security Guardrails and Policy-as-Code: Implement preventative and detective cloud guardrails using tools such as AWS Organizations, SCPs, AWS Config, Azure Policy, Defender for Cloud, Wiz, Terraform, CloudFormation, Bicep, or similar platforms. Codify baseline configurations for logging, encryption, network controls, public exposure prevention, security-group rules, storage policies, KMS/key vault use, and workload tagging. Monitor and remediate drift from approved cloud security baselines. Support detection and automated response for public admin exposure, cloud policy drift, unapproved data movement, stale credentials, and overly permissive IAM roles. • Cloud Network and Private Access Integration: Partner with the Network team to implement secure cloud network patterns, including hub-and-spoke networking, transit gateways, vWAN, private endpoints, centralized DNS, private admin paths, and controlled egress. Ensure cloud workloads are not exposed through unnecessary public interfaces. Support routing and connectivity decisions for radar telemetry and other cloud workload environments. Implement cloud-side controls for SASE/ZTNA access, private application access, firewall inspection, flow logging, and route governance. • Telemetry, SIEM, and SOC Enablement: Integrate cloud logs and security signals into centralized SIEM/SOC workflows. Onboard and maintain telemetry sources such as CloudTrail, AWS Config, VPC Flow Logs, Azure Activity Logs, NSG Flow Logs, Entra ID logs, KMS/Key Vault events, storage access logs, CSPM findings, vulnerability findings, and workload security events. Partner with the Security team to build detection use cases for exposed cloud services, privileged access anomalies, credential hygiene drift, data boundary violations, and cloud configuration drift. Support retention tiers, immutable logging, audit trails, alert evidence, and compliance reporting requirements.

• Design and implement secure network patterns that enforce identity, device posture, segmentation, logging, and policy-based access across users, sites, workloads, and administrative paths. • Implement and support SASE/ZTNA capabilities, including Cloudflare Government or comparable platforms, WARP/client access, private application access, gateway policies, DNS controls, and secure administrative access paths. • Help eliminate direct public administrative access to workloads by routing privileged access through approved identity-aware and policy-enforced access layers. • Develop network designs that support the principle that no workload, management interface, or privileged access path bypasses identity, policy, segmentation, and telemetry controls. • Lead the design and rollout of Network Access Control for office, edge, and remote site environments. • Implement or support 802.1X, RADIUS policy, device certificates, VLAN segmentation, and port-level admission control. • Segment remote site networks into appropriate zones, such as telemetry, management, vendor/service, and out-of-band management networks. • Design secure remote site connectivity using IPSec/private tunnels, certificate-based authentication, route controls, firewall policies, and deterministic telemetry paths. • Ensure edge and radar-site environments have no unnecessary public management exposure. • Implement firewall forwarding, tunnel telemetry, configuration backup, drift detection, and site-level logging into centralized monitoring and SIEM platforms. • Support data-source onboarding for firewall logs, VPN/IPSec logs, SASE logs, NAC events, DNS logs, VPC/NSG flow logs, and remote site device logs. • Create and maintain network diagrams, firewall rule documentation, routing designs, NAC policies, tunnel inventories, access paths, and operational runbooks.

• Design and maintain enterprise cybersecurity architecture across cloud, network, identity, application, endpoint, and data security domains. • Develop security standards, reference architectures, design patterns, and technical guardrails for enterprise systems. • Partner with engineering teams to ensure security is integrated into new and existing technology solutions. • Review architecture diagrams, technical designs, and implementation plans to identify security risks and recommend improvements. • Lead security architecture efforts for cloud platforms such as AWS, Azure, or Google Cloud. • Define and support security controls for identity and access management, zero trust, encryption, vulnerability management, endpoint protection, logging, and monitoring. • Evaluate emerging threats, technologies, and business requirements to recommend appropriate security solutions. • Support security risk assessments, threat modeling, and control validation activities. • Collaborate with Governance, Risk, and Compliance teams to align architecture with regulatory and industry frameworks such as NIST, ISO 27001, CIS, SOC 2, or similar. • Provide technical guidance during incident response, security investigations, and remediation planning. • Assess third-party tools, platforms, and vendors from a security architecture perspective. • Mentor security engineers, IT teams, and application teams on secure design principles and best practices. • Create clear documentation, diagrams, and executive-ready recommendations for technical and non-technical audiences.

• Manage our new AI team of approximately 5 engineers • Lead a cross-functional team of AI/ML Engineers, Data Engineers, and Software Engineers • Ensure AI/ML algorithms meet performance requirements • Ensure data lake meets internal and external needs • Drive excellence in agentic AI within the organization

• Serve as the central point of communication between Product Management and Engineering teams, ensuring alignment on product goals, priorities, and technical requirements. • Translate high-level product vision and business requirements into clear, actionable technical plans for engineering. • Facilitate continuous, transparent information flow so both teams share a unified understanding of what is being built, why it matters, how it will be executed, and when work will be completed. • Lead backlog grooming, ensuring that engineering has the context, clarity, and detail needed for effective planning and execution. • Ensure product cohesion across features and releases, maintaining alignment with overall product vision. • Document release notes and communicate updates to internal and external stakeholders.

• Gain experience sourcing candidates through available online resources • Conduct initial phone screens and engage with prospective candidates • Coordinate and manage a high volume of interviews across multiple time zones • Support the full recruiting lifecycle from sourcing through offer stages • Manage candidate activity in the applicant tracking system (Greenhouse), ensuring accurate data entry, compliance with recruiting processes, and accountability across all stages • Provide basic analysis and insights to support recruiting efforts and process improvements

• Play a key role in building and operating data pipelines and analytics infrastructure • Work closely with software engineers, radar and catalog teams, and data scientists • Ensure reliable extraction, transformation, and loading (ETL) of mission-critical datasets • Develop scalable batch and streaming data workflows • Enable advanced analytics and support machine learning initiatives • Help transform large volumes of sensor and orbital data into actionable intelligence • Engage in hands-on development with opportunities to grow into increased ownership of data platform design and optimization

• Play a critical role in designing, building, and operating AI- and machine learning-powered systems • Develop scalable pipelines, deploying models into production, and integrating AI capabilities into operational systems • Transform large-scale sensor and orbital datasets into intelligent systems that detect patterns, identify anomalies, and generate predictive insights • Own the full lifecycle of AI solutions—from data and feature pipelines to model deployment, monitoring, and continuous improvement • Contribute to model evaluation, analysis, or incremental improvements • Act as a technical leader in applied AI/ML within the Insights team • Drive adoption of best practices in model development, MLOps, and reproducibility.

• Monitor and analyze on-orbit events including maneuvers, proximity operations, fragmentation, and deployment activity • Retrieve and interpret measurement data, TLEs, and catalog states to assess anomalies • Draft internal assessments and customer-facing explanations of operational events • Support live launch monitoring, initial object acquisition, and catalog stabilization • Identify non-nominal deployment patterns or anomalous behaviors • Assist with early TLE validation and catalog accuracy • Support workflows aligned to Joint Commercial Operations (JCO) practices • Contribute to high-interest event reporting, launch coordination, and anomaly notifications • Communicate findings in accordance with government-facing standards • Utilize APIs to retrieve and analyze measurement and catalog data • Build lightweight Python scripts to automate event analysis and operational workflows • Collaborate with product and engineering to improve operational tooling • Respond to customer inquiries regarding launches, anomalies, and catalog interpretation • Prepare clear operational summaries and mission-aligned explanations • Serve as a trusted analytical resource during time-sensitive events

• Manage end-to-end payroll processing with a high degree of accuracy and timeliness • Ensure full compliance with federal, state, and local tax laws and payroll regulations • Oversee payroll tax filings, payments, and reporting (e.g., W-2s, 941s, and other statutory filings) • Stay current on changes in tax legislation and payroll compliance requirements • Own payroll month-end close, including payroll journal entries and payroll-related balance sheet reconciliations • Perform payroll account reconciliations and resolve discrepancies • Partner with Accounting/Finance to support month-end and year-end close • Maintain strong internal controls and support audit requirements (including SOX, if applicable) • Collaborate with HR on compensation, benefits, and employee data changes • Manage payroll systems and ensure data integrity across platforms • Drive continuous improvement across payroll workflows, controls, and documentation as the company scales globally