Application Security Engineer
Over the coming years, biotech will fundamentally rewrite the way we live. Gene editing and cell therapy are dramatically changing how we treat cancer and other major illnesses. Biofuels and biomaterials are transforming the cars we drive, the clothes we wear, and the makeup of everyday objects. Crop science and synthetic biology are producing sustainable and ethical food. Benchling’s mission is to accelerate the research that propels us towards this reality, and magnify its impact, through modern software.
Every day, scientists around the world use Benchling’s applications, platform, & analytics in their efforts to solve humanity’s most pressing problems. For these scientists, Benchling is the central technology they use to conduct their research. Our customers include pharmaceutical giants, leading biotechs, and the world’s most renowned research institutes.
WHAT YOU WILL WORK ON
- Partner with both the Product Design and Software Engineering organizations on security and privacy initiatives, leading security design reviews and threat modeling.
- Partner with Product Design and Software Engineering on security feature roadmaps.
- Perform black-box and grey-box penetration testing, assessments, and code reviews of services, product offerings, and partner apps, including SaaS, PaaS, and mobile.
- Research new attack vectors and techniques relevant to our space and present findings to both internal and external audiences.
- Research known vulnerabilities and collaborate with engineers on the best ways to mitigate and reduce risk.
- Participate in our incident response and vulnerability remediation efforts.
- Evaluate external tooling and develop new automation and tooling.
- Evolve the SDLC to meet modern security threats and risks.
- Develop lightweight processes to embed into Product Design and Software Engineering workflows.
- Develop secure coding practices and train engineering teams.
- Interface with customers’ security teams when they are scoping and performing security assessments.
ABOUT YOU
- B.S. / M.S. in Computer Science or related experience.
- Relevant development experience in multiple languages: Python, Java, JavaScript/TypeScript.
- 3-5+ years of work experience in an application security role.
- 3+ years of experience with code reviews, pentesting, and threat modeling.
- In-depth experience identifying, protecting against, and exploiting web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Strong knowledge of the browser security model, modern network security, and cloud security.
- Strong understanding of risk evaluation and application security vulnerability management processes.
BONUS POINTS
- OSCP (or similar) certification
- Red Team experience
- Software engineering experience
- Contributions to the security community via talks, papers, blogs, projects, CVEs, etc.
- Technical leadership skills (you enjoy being a tech lead, mentoring technologists, evangelizing security and privacy)
- A good sense of humor!
Benchling welcomes everyone. We believe every member of our team enriches our diversity and inclusion by broadening our ways of problem-solving for future challenges. Even if you don't meet 100% of the qualifications for this job, we strongly encourage you to apply.
LEADERSHIP PRINCIPLES
- Admit mistakes and shortcomings
- Deliver results
- Disagree and commit
- Obsess over customers
- Rely on work ethic
- Show empathy
- Recruit and develop the best
- Sweat the details
- Think and communicate clearly
- Unite around the mission
PERKS AND BENEFITS
- Work with a talented yet humble team
- Competitive compensation & equity package
- Quarterly mental health days
- Weekly virtual social events, and annual company retreats
- 401k, medical, dental, and vision insurance (US Employees Only)
- Monthly health & wellness stipend (Currently US Employees Only)
- Yearly educational stipend (Currently US Employees Only)
- To support remote work conditions, Benchling provides each employee a one-time stipend of $1,000 (USD) upon commencing employment, and additional discounted employee purchase plans for home-office equipment.
In following best practices and safety protocols, all Benchling employees are expected to work remotely until we are further advised that it is safe for employees to resume work in their respective office locations.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable federal, state and local law, including but not limited to the San Francisco Fair Chance Ordinance.