~/security $ whoami_

Jarred
Hunter

about

Principal-level engineer with 12+ years architecting, building, deploying, and improving secure SaaS and PaaS platforms, from late-stage startups to global enterprises. I've worn many hats along the way: Systems Architect, DevOps Engineer, SaaS/PaaS Platform Engineer, Forward-Deployed / Resident Solutions Engineer, and now Security Platform Engineer. Across startups at every stage and large corporations alike, one constant has remained: I love solving the engineering challenges that security work presents. Lately that's landed at the intersection of AI/ML security, zero-trust identity, and cloud-native platform engineering: building security platforms powered by AI and LLMs, and securing the models, agents, and pipelines the next decade will run on.

./view-work linkedin github
12+
Years Experience
role
Senior Security Platform Engineer
based
Alabama, US
focus
Platform Engineering · Cloud Security · AI/ML Security · Zero-trust · Agentic Systems

// current projects

Securing the model layer.

The hard problems are moving up the stack — from securing infrastructure to securing the models and agents running on it. This is where I'm focused now.

01
Model Security & Hardening

Protecting models against extraction, inversion, poisoning, and adversarial inputs. Threat modeling the full ML lifecycle — from training data integrity to inference-time defense.

adversarial robustnessmodel extraction defensesupply-chain integrity
02
Agent Guardrails

Building the policy and enforcement layer for autonomous agents — OPA-backed tool-use governance, prompt injection defense, and runtime constraints on what an agent can actually access and do.

OPA / Regoprompt injection defensetool-use policy
03
Distillation & Optimization

Distilling and optimizing models for secure, cost-efficient self-hosted deployment — shrinking frontier capability into controllable, auditable models you actually own.

model distillationquantizationself-hosted inference
04
Secure Model Infrastructure

Architecting cloud infrastructure to run models securely — isolated inference environments, secrets-managed model access, network segmentation, and zero-trust identity for AI workloads.

isolated inferencesecrets managementzero-trust AI workloads

// skills

Stacks.

AI / ML Security & Tooling

Model Hardening Agent Guardrails Prompt Injection Defense OPA / Rego Model Distillation Quantization Anthropic API llama.cpp · Ollama Qwen2.5 · DeepSeek-R1 AWS SageMaker MCP Protocol MLOps Pipelines

Security & Zero-Trust

HashiCorp Vault HashiCorp Boundary Sentinel Wiz CNAPP Prisma Cloud CrowdStrike Falcon SonarQube Snyk Threat Modeling OWASP SIEM TLS OIDC CSPM · CIEM SOC 2 · ISO 27001 PCI DSS · HIPAA

Cloud Services

AWS Azure GCP

Automation & IaC

Terraform Terraform Enterprise Terragrunt Crossplane Pulumi CloudFormation Ansible

Microservices

Docker Kubernetes EKS AKS GKE Helm vCluster KEDA Karpenter Velero Linkerd Consul Rancher Packer

CI / CD

ArgoCD GitHub Actions GitLab Jenkins Azure DevOps Artifactory

Observability

Prometheus Grafana Datadog New Relic CloudWatch OpenTelemetry

Data

Snowflake Kafka RDS PostgreSQL MySQL MS SQL

Operating Systems

Linux Windows

Languages

Go Python Bash PowerShell Groovy HCL Rego (OPA)

// experience

Where I've shipped.

Current
Senior Security Platform Engineer

Senior Security Platform Engineer responsible for architecting and deploying Wiz CNAPP across multi-cloud (AWS/Azure) estates — agentless cloud scanning, KSPM, and shift-left IaC/SAST gating integrated into CI/CD pipelines. Govern compliance frameworks (CIS, NIST, SOC 2, FedRAMP) and build automated finding-to-remediation workflows via Jira and ServiceNow, eliminating manual triage at scale.

HashiCorp / IBM
Senior Forward-Deployed / Resident Solutions Engineer

Embedded inside large enterprise customers to design and automate secure cloud operating models on the HashiCorp stack.

  • Zero-trust: Phased Boundary and Vault rollouts hardening access to critical resources across Azure and AWS
  • Policy-as-code: Sentinel guardrails enforcing CIS benchmarks on Terraform deployments
  • CNAPP: Deployed Wiz across multi-cloud; auto-routed critical findings to Jira via API
  • Integrations: Okta/Azure AD, GitHub Actions, ServiceNow, Datadog
Comcast
Senior Security Platform Engineer (Lead)

Led a globally distributed platform team building security tooling and internal platform capabilities.

  • Shift-left: SonarQube SAST and Snyk SCA in CI/CD, blocking high-severity findings before production
  • Threat modeling: Mapped trust boundaries and drove findings to remediation closure
  • Hardening: Terraform + OPA secure baselines; CIS-hardened EKS with RBAC and network policy
  • MLOps: Built sync and async ML workflows in AWS SageMaker for training and inference
Jobcase
Senior DevOps Engineer (Lead)
Meazure Learning
Senior DevOps Engineer
Olive AI
Senior DevOps Engineer
Kemper
SysOps Administrator III
UAB
Systems Analyst III
Altec Inc.
Systems Architect

// builds

Things I've actually shipped.

Currently building

in progress
Agent Guardrail Framework
OPA-enforced policy layer for autonomous IT-ops agents — runtime tool-use governance with layered prompt injection defenses, constraining what an agent can access and execute.
OPA / RegoAnthropic APIPython
in progress
Secure Self-Hosted Model Stack
Distilled, quantized models running in isolated inference environments — secrets-managed access, network segmentation, and zero-trust identity for AI workloads on owned infra.
llama.cppVaultk3d / Docker

Shipped

Terraform IaC Security Review Agent
Agentic AI pipeline reviewing Terraform plans for security misconfigurations, with OPA-enforced guardrails and prompt injection defenses built into the tool-calling layer.
Anthropic APIOPA / RegoTerraform
Boundary MCP Server
Full Model Context Protocol server for HashiCorp Boundary — 18 tools exposing session management, target access, and credential injection. Built in both Go and Python.
GoPythonMCP Protocol
Local LLM Security Lab
M-series inference infrastructure running Qwen2.5-32B and DeepSeek-R1-32B via llama.cpp and Ollama, purpose-built for adversarial testing and red-teaming agentic pipelines.
llama.cppOllamaDocker / k3d
Enterprise K8s Platform Reference
Multi-service Kubernetes platform design with Linkerd mTLS, CloudNativePG, Strimzi/Kafka, Flagger canary deployments, ArgoCD GitOps, and full observability stack.
KubernetesLinkerdArgoCD

// contact

Let's build something
worth securing.

Whether you're looking to bring in senior AI security engineering talent, need a consulting partner for model security or agentic platform architecture, or just want to talk about what governing autonomous systems looks like in production — I'd like to hear from you.

emailjarredhunter6@gmail.com linkedin/in/jarred-h-83204718 github/jhunter7 calendarRequest a 15-min coffee chat