Sequencing is a health-tech company focused on genomics and AI. They are seeking a Senior Security Engineer to lead security practices and protect sensitive health and genomic data while collaborating with various teams.
Responsibilities:
- Lead security testing for our web apps, APIs, cloud (AWS/OCI), Kubernetes, and on‑prem servers, and clearly document vulnerabilities you find
- Build security into our CI/CD pipelines with DevOps, including code and app scanning and stronger secrets management
- Work with bioinformatics to secure genomic data pipelines and protect PHI/PII in line with HIPAA requirements
- Set up and run security monitoring, alerting, and incident response, with practical playbooks and runbooks the team can follow
- Lead the technical work needed for HIPAA, SOC 2, and ISO 27001 readiness and future audits
- Help design and improve logging and SIEM use so the team can spot and respond to threats faster
- Translate security findings into clear, prioritized tasks that engineering and DevOps teams can execute
- Partner with engineers, DevOps, and bioinformatics so security is built into how we design, build, and ship systems
- Contribute to threat modeling and secure design discussions for new and existing services
- Maintain clear, concise security documentation, including standards, guidelines, and incident procedures
- Support vendor and third-party security assessments by reviewing findings and driving remediation with the team
- Provide input into security aspects of our architecture and infrastructure decisions
- Support security aspects of our performance tasks and assessments, including translating real-world attack methods into learnings for the team
- Help raise security awareness across the company by sharing best practices with engineers and partner teams
- Collaborate across time zones and functions to plan, prioritize, and communicate security work and trade‑offs
Requirements:
- 8+ years in security engineering, DevSecOps, or infrastructure security roles
- Strong hands-on penetration testing and vulnerability discovery skills, using both manual methods and tools
- Deep experience securing AWS and OCI cloud and Kubernetes (RBAC, IAM, network policies, containers, secrets), as well as bare metal and on-premises server environments
- Experience adding and tuning security tools in CI/CD (such as Semgrep, CodeQL, OWASP ZAP, Burp Suite)
- Comfortable with tools like Burp Suite, Metasploit or similar, OWASP ZAP, Semgrep or CodeQL, CloudTrail, Falco, Terraform, Docker, Git/GitHub, Cloudflare, and Google Workspace
- Experience with SIEM or log aggregation and real‑time detection and monitoring
- Familiarity with HIPAA, SOC 2, and how to protect PHI/PII in regulated or high‑sensitivity environments
- Clear written and verbal communication, especially for explaining security issues and recommendations to technical teams
- Ability to influence and collaborate with engineering, DevOps, and data teams without formal authority
- Comfortable working independently in a remote, fast-moving startup with limited existing security processes
- Experience with eCommerce and checkout security, including securing payment flows, cart and order APIs, and protecting against fraud, skimming attacks, and checkout abuse
- OSCP, OSCE, or equivalent certifications are a plus; we value candidates with real-world offensive experience, not just institutional credentials
- Experience with vulnerability research, responsible disclosure, or red team operations is a strong plus