Loading...
Loading...
Found 1,718 Skills
Guides product management for human data platforms—annotation and labeling products, workforce workflows, task design, quality systems (gold sets, adjudication, inter-annotator agreement), customer ML-team project delivery, contributor experience, and privacy-safe handling of human-generated training data. Use when prioritizing roadmap for labeling/RLHF/eval data platforms, writing PRDs for annotation or QA features, defining success metrics for throughput and quality, scoping enterprise customer workflows, or balancing cost-quality-speed tradeoffs—not for hands-on model training (data-scientist), warehouse/analytics pipelines (data-warehouse-engineer), generic BRD workshops without product lens (business-analyst), AI solution architecture for copilots (applied-ai-architect-commercial-enterprise), or control implementation for audits (compliance-engineer). UX flows: product-designer. Eval harnesses: prompt-engineer-agent-prompts-evals. Pricing/packaging for platform: product-management-monetization.
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
Guides microservice design and delivery—bounded contexts, service boundaries, REST/gRPC/event APIs, sync vs async tradeoffs, resilience (timeouts, retries, circuit breakers, bulkheads), per-service data ownership, saga and outbox patterns, twelve-factor containers, observability (logs, metrics, trace propagation), API versioning at gateways/meshes, and contract testing. Use for microservices developer, service boundary, bounded context, gRPC between services, circuit breaker, saga pattern, outbox pattern, twelve-factor, contract testing microservices, service decomposition, or event-driven microservice—not K8s platform ops (platform-engineer, site-reliability-engineer), enterprise iPaaS (enterprise-integration-api-developer), monolith-first apps (senior-software-engineer), or classified pipelines (classified-software-devsecops-engineer).
Guides senior system and solution architecture—cross-service boundaries, integration patterns, non-functional requirements (scale, reliability, security, cost), ADRs, C4-style modeling, architecture review, build-vs-buy, and phased migration (strangler, dual-write). Use when designing multi-service systems, evaluating platform or vendor choices, writing or reviewing architecture decision records, defining standards and principles, or assessing technical risk across domains—not for single-service RFCs and module design (senior-software-engineer), data platform or mesh decisions (data-architect), cloud landing zone, Well-Architected, and migration architecture (cloud-architect), cloud/IaC implementation (infrastructure-engineer, cloud-engineer), internal developer platform product (platform-engineer), or program tracking (technical-program-manager). For business strategy and cases, use business-consultant; for applied AI (RAG, agents, copilots), use applied-ai-architect-commercial-enterprise.
Guides technical program management for security coordinated vulnerability disclosure (CVD)— disclosure policy, intake and triage SLAs, researcher coordination, fix/remediation tracking, embargo and publication timelines, CVE/advisory coordination, bug bounty program operations, and cross-functional gates (security engineering, legal, comms, product). Use when running a CVD or responsible disclosure program, disclosure calendar, bounty ops, or unblocking multi-team remediation for reported vulnerabilities—not for hands-on pentest (offensive-security-analyst), SOC triage (defensive-security-analyst), vuln scanning in CI (devsecops), enterprise security strategy (cybersecurity), generic non-security programs (technical-program-manager), or contract redlines (commercial-counsel).
Guides product infrastructure security—securing the runtime, data plane, and control plane that ships with the product: multi-tenant isolation, service-to-service auth, customer data boundaries, secure defaults in APIs and workers, abuse-resistant rate limits, product-scoped secrets and encryption, and security design reviews for product infra changes. Use when threat-modeling product features, designing tenant isolation, hardening service mesh or internal APIs, reviewing product IaC/modules for data leaks, defining secure baselines for microservices the product team owns, or partnering on incidents affecting customer workloads—not for corporate IdP/SIEM (information-security-engineer), CI pipeline gates only (devsecops), SOC operations (defensive-security-analyst), authorized pentest execution (offensive-security-analyst), general IDP golden paths (platform-engineer), company-wide GRC (cybersecurity), or applied AI solution architecture for LLM features (applied-ai-architect-commercial-enterprise).
Guides digital forensics for security incidents—evidence acquisition and chain of custody, disk/memory/mobile/cloud artifact analysis, log and network forensics, timeline correlation, malware artifact triage, and investigation reports for legal/IR and expert-witness preparation outlines (not legal advice). Use when preserving and analyzing forensic artifacts, building super-timelines, documenting acquisition worksheets, triaging malware samples, or preparing forensic findings for counsel—not live incident command (incident-responder), SOC alert queue triage (soc-analyst), authorized penetration testing (penetration-tester), deep binary RE (reverse-engineer), LLM red team (ai-redteam), enterprise ISMS programs (information-security-engineer), audit control mapping (compliance-engineer), or cloud guardrail implementation (cloud-security-engineer).
Guides AI ops leadership—LLM SRE, model/prompt releases, eval/incidents, cost/capacity, vendors, and cross-functional cadence. Use for AI platform ops, LLM SLAs, incidents, rollout governance, unit economics, red-team/eval gates, and team rituals—not memory (ai-memory-developer), context code (ai-context-engineer), security programs (cybersecurity), token roadmaps (ai-token-improvement-plan-engineer), solution architecture (applied-ai-architect-commercial-enterprise), skills portfolio (ai-skill-manager), or vertical AI product eng management (engineering-manager-vertical-ai-products). Prompt/eval team management and golden-set release policy: engineering-manager-agent-prompts-evals. Safeguard inference platform: ml-infrastructure-engineer-safeguards. Safeguard model research: ml-research-engineer-safeguards.
Guides defensive security analysis—alert triage, log and SIEM investigation, threat hunting, detection engineering basics, MITRE ATT&CK mapping, incident scoping, containment recommendations, and DFIR evidence handling for SOC and blue-team analysts. Use when investigating security alerts, writing detection rules, tuning false positives, analyzing EDR/network/auth logs, building timelines of suspicious activity, recommending containment steps, or documenting findings for incident command—not for enterprise security strategy (cybersecurity), CI/CD pipeline hardening (devsecops), offensive pentest execution (authorize red team separately), or LLM adversarial testing (ai-redteam), or designing on-call rotations and postmortem programs (incident-management-engineer).
Guides actuarial work for insurance and reinsurance—pricing and rate adequacy, reserving and IBNR, loss development and triangles, mortality/morbidity and lapse assumptions, experience studies and credibility, capital and risk metrics at overview level, product design tradeoffs (life, health, P&C, annuity), and regulatory reporting concepts (NAIC, IFRS 17, Solvency II overview—not legal advice). Use when the user mentions actuary, actuarial, IBNR, loss development, reserve analysis, mortality table, pricing insurance, experience study, IFRS 17, loss ratio, combined ratio, credibility, or asks for assumption documentation and model governance for insurance products—not generic FP&A (financial-analyst), investment banking valuation (comps-analysis, dcf-model), legal policy interpretation (commercial-counsel), clinical trials, software-only implementation (senior-software-engineer), or broad GRC without actuarial models (compliance-engineer).
Guides commercial contract review and negotiation support for B2B agreements—MSAs, SaaS/order forms, vendor and customer contracts, DPAs, SLAs, limitation of liability, indemnity, IP, payment terms, and redline/issue logs with business impact notes. Use when reviewing or negotiating commercial terms, comparing vendor or customer paper, drafting negotiation positions, or triaging contract risk before sign-off—not for SOC/ISO GRC programs or vendor questionnaire ops (compliance-specialist), technical audit evidence (compliance-engineer), revenue recognition under ASC 606 (senior-revenue-accountant), or product requirements (business-analyst), strategy (business-consultant). Corporate/board: corporate-counsel. AI architecture for contract review: applied-ai-architect-commercial-enterprise. M&A economics mandate: transaction-principal. Drafting assistance only; human counsel must approve.
Design data architecture at enterprise and solution levels. Cover data mesh, lakehouse, governance, domain-driven design, conceptual/logical/physical data modeling, platform selection, and compliance frameworks. Produce ADRs, data model diagrams, platform comparison matrices, and governance policy templates. Triggers on "design data platform", "choose data warehouse", "data mesh", "lakehouse architecture", "data governance", "data modeling", "platform selection", "data architecture decision", "compliance framework", or "data strategy". For applied AI solution architecture (RAG data plane, embeddings, vector stores in commercial or enterprise products), use applied-ai-architect-commercial-enterprise. For dbt analytics layers and mart delivery, use analytics-data-engineer—not data-architect.