Senior & Lead Application Security Engineer (Sunnyvale)

Picture a company redefining how life sciences harness data one that turns the noise of fragmented scientific systems into the clarity that accelerates discovery, development, and ultimately, human progress.

This Scientific Data Cloud pioneer has built a cloud-native ecosystem engineered specifically for the life sciences, connecting laboratory instruments, informatics systems, and analytics applications into a single, intelligent network. The result : harmonized, actionable scientific data that transforms R&D velocity and precision across discovery, development, and manufacturing.

Trusted by the worlds leading biopharma innovators, their open platform serves as the digital nervous system for scientific operations empowering researchers and partners to unlock insights at unprecedented scale.

Think of it as the Palantir of Life Sciences designed not just to visualize complexity, but to ingest and process petabytes of scientific data through advanced taxonomies and ontologies that bring structure, context, and meaning to an otherwise chaotic scientific landscape.

Through deep collaborations with global leaders in cloud computing and AI, this company is building the foundation for a new era of Scientific Intelligence one where every experiment, every dataset, and every discovery is connected, contextualized, and exponentially more powerful than before.

Senior & Lead Application Security Engineers

Were looking for a hands-on Product Security Technical Lead to drive the design, implementation, and evolution of our security engineering program. Youll lead a team of Security Engineers focused on hardening our SaaS and data platforms by breaking things before attackers do identifying vulnerabilities, building secure infrastructure, and integrating protection across our CI / CD pipelines.

This role demands deep technical expertise across AWS, Python, and application & cloud security, along with a hackers curiosity and a builders discipline.

Why This Role :

Youll have complete ownership of product and cloud security from architecture to execution.

Youll lead by doing hacking, breaking, and building resilient systems.

Be part of a company where security isnt an afterthought its a product feature.

Job Responsibilities

Own and evolve the organizations entire application security posture, with a focus on application and cloud security across all product lines.

Perform offensive and defensive security assessments threat modeling, code review, penetration testing, and vulnerability exploitation.

Build and integrate automated security tooling (SAST, DAST, dependency scanning, IaC scanning) into CI / CD pipelines.

Develop security automation and internal tooling using Python, Bash, or Go.

Partner with Engineering, DevOps, and Infrastructure teams to ensure secure AWS architectures (VPC, IAM, KMS, GuardDuty, CloudTrail, WAF).

Oversee incident response and root cause analysis for product and infrastructure-level security events.

Define and enforce secure coding standards, and lead threat modeling sessions for critical features and services.

Continuously hunt for vulnerabilities, test assumptions, and break things safely to strengthen the platform.

Preferred Qualifications :

Certifications such as AWS Certified Security Specialty, OSCP, or CISSP.

Experience in SaaS, Big Data, or high-scale distributed environments.

Knowledge of MITRE ATT&CK, OWASP Top 10, and secure software design principles.

Required Skills & Experience :

8+ years of hands-on experience in Application, Cloud, or Product Security roles, with lead or staff-level responsibilities.

Deep expertise in AWS security architecture and service hardening.

Advanced programming and scripting ability in Python (Bash or Go a plus).

Proven experience with offensive security : hacking, exploit analysis, or red team operations.

Strong foundation in vulnerability management, threat modeling, and incident response.

Proficient with DevSecOps tools and modern CI / CD environments.

Familiarity with container and orchestration security (Docker, Kubernetes, EKS).

Required Education

Bachelor's degree in computer science or another equivalent degree.