Senior Security Engineer

February 4

🏄 California – Remote

Although this job is listed in California, this company may be open to hiring remote in other states.

⏰ Full Time

🟠 Senior

👮‍♂️ Security Engineer

Apply Now

Receive Emails with Similar Jobs

BioRender

WebsiteLinkedInAll Job Openings

BioRender is a platform that enables scientists and researchers to create professional scientific figures quickly and easily. It offers a vast library of over 50,000 curated icons and templates across more than 30 fields of life sciences, including immunology, microbiology, and neuroscience. The tool is designed for ease of use with drag-and-drop functionality, allowing users to produce scientific figures up to 50 times faster than traditional methods. BioRender is trusted by over 2. 5 million scientists and used in over 1500 leading institutions, providing essential visual communication tools for scientific research, publications, presentations, and more.

Science Illustration • Science Communication • Technology • Startup • SAAS Startup

201 - 500 employees

🔬 Science

🧬 Biotechnology

⚡ Productivity

💰 Pre Seed Round on 2018-03

📋 Description

• At BioRender, we’re on a mission to accelerate the world’s ability to learn, discover, and communicate science — transforming how knowledge is shared and making science open, collaborative, and easily understandable by all. • We’re shaping the future of science communication and are looking for talented individuals to help bring this vision to life! 🚀 • As a Senior/Lead Security Engineer, you have a strong background in ethical hacking. You'll be responsible for conducting advanced penetration tests, vulnerability assessments, bug bounty program operation and work closely with engineering teams on implementing security best practices in Biorender’s flagship application. You'll leverage your deep understanding of the latest threats and attack vectors, along with your ability to develop and implement effective security measures. • Application Security: Create detailed design documents and guidelines for Engineering Teams. Ensure security requirements are detailed and integrated into all stages of the SDLC. • Penetration Testing & Threat mitigation: Execute comprehensive penetration tests on web applications, networks, and systems to identify security vulnerabilities. Conduct treat modeling, threat hunting, and log analysis across multiple environments. • Cloud Security & WAF: Implement and manage security controls in cloud environments (AWS and Cloudflare) to ensure secure cloud architecture and data protection. • Collaboration & Stakeholder Engagement: Work closely with IT, development, and business teams to integrate security best practices across all technology initiatives. Advocate for security within the organization. • Define Best Practices: Collaborate with security and engineering teams and stakeholders to enhance security posture and implement mitigation strategies. Assist in developing security policies, procedures, and guidelines to strengthen the organization's security framework. • Mentorship & Thought Leadership: Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques. Mentor and train other engineers, sharing knowledge and best practices. • Vulnerability Management: Conduct security assessments, penetration testing, and vulnerability scans to identify and remediate security gaps. • Security Architecture & Implementation: Design and implement robust security solutions and security architecture to protect against cyber threats, ensuring the integrity and availability of systems and data. • Security Tooling & Automation: Evaluate, deploy, and manage security tools such as SIEM, EDR, IDS/IPS, and endpoint protection solutions. • Incident Response & Monitoring: comfort with incident response frameworks. Proficient in leveraging security logs and/or a SIEM to detect, investigate, and respond to security events.

🎯 Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). • Minimum of 5 years of experience in security, ethical hacking, or penetration testing. • Strong knowledge of network protocols, operating systems, and security architectures. • Proficiency in using penetration testing tools such as Burp Suite, Kali, nmap, Wireshark, and Metasploit. • Experience with scripting and programming languages (e.g., Python, Bash, PowerShell, Go, Javascript) to develop custom tools and exploits. • Proficiency with AWS, CDN, WAF, modern web application and data pipelines (ie. Node.js, python). • Strong understanding of network security, cryptography, and secure coding practices. • Comprehensive understanding of OWASP Top Ten (WebApp, LLM, CI/CD) and common weaknesses and vulnerabilities, NIST. • Relevant certifications such as AWS Certifications (Solutions Architect, Security Speciality, etc.) GWAPT, OSWE, OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses (SEC540) are highly desirable. • Excellent problem-solving skills and the ability to think like an attacker (ie. active defender mindset). • Strong written and verbal communication skills, with the ability to develop documentation and explain technical details in a concise manner. • Proven ability to work independently and as part of a team in a fast-paced, dynamic environment.