Head of Security Engineering
Description
Over the next 10 years, biotech will fundamentally rewrite the way we live. Gene editing and cell therapy will dramatically change how we treat cancer and other major illnesses. Biofuels and biomaterials will transform the cars we drive, the clothes we wear, and the makeup of everyday objects. Crop science and synthetic biology will produce sustainable and ethical food. Benchling’s mission is to accelerate the research that propels us towards this future, and magnify its impact, through modern software.
Every day, scientists around the world use Benchling in their efforts to solve humanity's most pressing problems. For these scientists, Benchling is the central technology they use to conduct their research.
Benchling was founded by a team of MIT graduates and has raised funding from Benchmark, Andreessen Horowitz, Thrive Capital, and Y Combinator. Our customers include pharmaceutical giants, leading biotechs, and the world's most renowned research institutes.
Responsibilities
- Lead security strategy for our products and services, understanding current and future customer needs and how they overlay with modern threats and risks.
- Be the thought leader on product security features, competitive landscape, and industry norms (when it comes to product security features).
- Lead and develop team(s) of engineers that will partner with the Product Design, Software Engineering, and Infrastructure Engineering organizations on security and privacy initiatives, including security design reviews and threat modeling.
- Translate product strategy into detailed requirements, user stories, and prototypes.
- Develop processes and standard workflows for black-box and grey-box penetration testing, assessment, and code reviews of services, product offerings and partner apps including SaaS, PaaS, and mobile.
- Lead efforts to evolve SDLC and our cloud security model to meet modern threats and risks.
- Partner with Product and Engineering leaders to define how security workflows can be integrated with their respective workflows.
- The team researches new attack vectors and techniques relevant to our space and presents findings to both internal and external audiences.
- The team researches known vulnerabilities and collaborates with engineers on the best ways to mitigate and reduce risk.
- The team evaluates external tooling and develops new automation and tooling.
- The team develops secure coding practices, cloud security practices, and trains engineering teams.
- Interface with customers’ security teams when they are scoping and performing security assessments.
- Participate in our incident response and vulnerability remediation efforts.
- Guide engineers and teams through both technical and professional development.
- Recruit, lead, and develop team(s) to provide for company outcomes, customer outcomes, and team member outcomes.
Minimum Qualifications
- B.S. / M.S. in Computer Science or related experience
- 3-5+ years of security engineering management experience
- Experience recruiting, leading, and managing multiple ICs and managers
- 5-7+ years work experience in an application security role
- 5-7+ years of experience with code reviews, pentesting, and threat modeling
- 5-7+ years of experience working with security in AWS environments
- Relevant development experience in multiple languages: Python, Java, JavaScript/TypeScript
- Experience with CI/CD and software deployment automation tools
- Prior experience implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing
- In-depth experience identifying, protecting against, and exploiting web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
- Strong knowledge of the browser security model, modern network security, cloud security, and IAM.
- Strong understanding of risk evaluation and application security vulnerability management processes.
- Excellent written and oral communication skills, including experience presenting to executive leadership, participating in the sales cycle, and handling sensitive customer escalations.
Bonus Points
- OSCP (or similar) certification
- Red Team experience
- Software engineering experience
- Contributions to the security community via talks, papers, blogs, projects, CVEs, etc.
- Technical leadership skills (you enjoy being a tech lead, mentoring technologists, evangelizing security and privacy)
- A good sense of humor!
OUR VALUES
- Empower through information. We explain the “why” behind every decision, unless there are highly sensitive circumstances. We're honest about how we're doing, especially in difficult times. We believe that sharing information builds trust and enables better decision-making.
- Rely on tenacity. Hard work is one of the greatest factors to determine success and is fully under our control. We must make the most of every day by bringing the highest level of determination. Dreaming big is not enough.
- Raise the bar. Pushing ourselves and others to improve will be uncomfortable and at times result in failure. However, it's critical to our success. We're dedicated to creating a place where everyone feels challenged to improve.
- Build a lever. We choose to build tools and infrastructure that will help others make world-changing innovations. There's less glory in it, but in the words of Archimedes, "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world."
PERKS AND BENEFITS
- Work with a talented yet humble team
- Competitive compensation & equity package
- Monthly health & wellness stipend
- 401k
- Medical, dental, and vision insurance
- Weekly virtual social events, and annual company retreats
- *$1,000 work-from-home stipend
*In following best practices and safety protocols, all Benchling employees are expected to work remotely until we are further advised that it is safe for employees to resume work in their respective office locations. To support remote work conditions, Benchling provides each employee a one-time stipend of $1,000 upon commencing employment, and additional discounted employee purchase plans for home-office equipment.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable federal, state and local law, including but not limited to the San Francisco Fair Chance Ordinance.