Biotechnology/ Senior Security Engineer

About the job

 

We are seeking a highly skilled and self-directed Senior Security Engineer to take the lead on proactively identifying and closing security gaps across our infrastructure, applications, and data pipelines.

This role requires deep offensive security expertise, with a strong emphasis on penetration testing, vulnerability discovery, and threat modeling across both cloud and on-prem environments.

You will work across engineering, DevOps, and bioinformatics teams, serving as a hands-on offensive security lead and a strategic partner to our architects.

You’ll plan and execute pen tests - internally or with vendors - across critical areas of the business, while also contributing to long-term security architecture and certification readiness (e.g., HIPAA, SOC 2).

This is a senior IC role with broad scope, deep technical expectations, and the opportunity to shape our security posture from the ground up.

 

What You’ll Do

 

  • Lead the planning and execution of offensive security testing across web applications, APIs, infrastructure, and networks.
  • Conduct manual and automated penetration testing and vulnerability assessments; document findings and guide remediation.
  • Work with DevOps, architects, and engineering leads to embed security throughout CI/CD, infrastructure, and data workflows.
  • Plan and run regular security audits and threat modeling sessions; coordinate with third-party firms when needed.
  • Proactively identify and resolve security gaps in complex, custom systems spanning cloud and on-prem environments.
  • Design, implement, and maintain security controls, tooling, and detection capabilities that scale with the business.
  • Develop roadmaps for security certifications (e.g., HIPAA, SOC 2, ISO 27001) and lead technical implementation efforts.

What We’re Looking For

 

  • 6+ years of experience in security engineering, DevSecOps, or infrastructure security roles.
  • Deep technical understanding of cloud security (AWS, OCI) and on-prem environments.
  • Experience with container security, CI/CD hardening, key/secret management, and secure software development practices.
  • Hands-on experience with security audits and penetration testing, whether conducted in-house or via third parties.
  • Proven ability to create and execute security certification roadmaps (SOC 2, HIPAA, ISO 27001, etc.).
  • Experience using AI or ML tools to enhance security initiatives, such as accelerating threat detection, automating security monitoring, improving anomaly detection, or integrating AI-driven platforms into incident response workflows.
  • C1 English level.

     

Nice to Have

 

  • Experience with security in regulated environments such as healthcare, biotech, or genomics (e.g., HIPAA, GINA, 21 CFR Part 11), ideally within rapidly scaling consumer health or healthtech platforms handling sensitive user data.
  • Familiarity with securing ecommerce platforms, including fraud prevention and secure checkout workflows.
  • Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit) or managing third-party pen test vendors.
  • Security certifications such as CISSP, OSCP, or AWS Certified Security – Specialty.

Required languages

English B2 - Upper Intermediate
Published 16 December 2025