Toronto, CA

Senior Security Engineer

BenchSci's vision is to help scientists bring novel medicine to patients 50% faster by 2025. We do this by empowering scientists to run more successful experiments with the world's most advanced, easy to use biomedical artificial intelligence software platform, thereby avoiding delays that slow the progress of medicine to clinical trials. Backed by F-Prime, Inovia, Golden Ventures, and Google's AI fund, Gradient Ventures, we provide an indispensable tool for more than 41,000 scientists that accelerates research at 15 top 20 pharmaceutical companies and over 4,300 leading academic centers. We're a CIX Top 10 Growth company, certified Great Place to Work®, and top-ranked company on Glassdoor.

We are looking for a Senior Security Engineer to join our growing Core Infrastructure team! At the beginning, you will report to the Director of Engineering, Data & DevOps, but will eventually report to an Engineering Manager as our team grows. In this role, you will help validate that BenchSci's services are implemented to the highest security standards. You will also analyze the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. Importantly, you will take the lead on all application security-related matters and help us to ensure that all classified client data is kept confidential.

You Will:

    • Build and manage tools and libraries to help engineers deploy secure software
    • Make security an integral part of our CI/CD pipeline
    • Triage and resolve security vulnerabilities in the BenchSci Platform
    • Perform application security reviews
    • Own GDPR and SOC2 security compliance tracking
    • Create security guidance documentation
    • Partner with various teams across the organization to promote secure development practices and cultivate a strong security culture
    • Ensure we are maintaining an acceptable score on security benchmarks
    • Lead security engagements such as external pen tests and bug bounty programs
    • Monitor system and network to find vulnerabilities or breaches
    • Uncover infrastructure and application-level vulnerabilities as part of internal audits
    • Conduct system design reviews and guide engineers on building security into our architecture
    • Champion security at BenchSci

You Have:

    • 4+ years working as a software engineer with at least 3 years of experience in security
    • Experience in dealing with internal/external security audits and penetration tests
    • Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, network security
    • An understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
    • Experience integrating and tuning network security infrastructure
    • An understanding of web services
    • Experience with Infrastructure as Code tools such as Terraform, CloudFormation, or Config Connector
    • Security experience in GCP or AWS environments
    • Knowledge of industry benchmarks from “Center for Internet Security” or “Open Web Application Security Project”
    • A background in security and compliance audits such as GDPR and SOC2

Nice to haves, but not mandatory qualifications:

    • Experience in Python
    • Experience with Kubernetes
    • Experience with bug bounty programs

Our benefits and perks:

    • A compensation package that includes equity options
    • An annual Executive Health Assessment at Medcan (everyone gets the "executive treatment")
    • Effectiveness coaching for managers: Onsite, personalized coaching from an executive coach with a doctorate in clinical psychology
    • Mental health support including mindfulness sessions and a free Headspace account
    • Complimentary genome sequencing from 23andMe
    • Three weeks of vacation, plus another week (we're closed Dec 25-Jan 1)
    • Additional days off such as BenchSci summer day, your birthday, and more.
    • Work from anywhere flexibility. Every day right now, and up to 4 days per week once we return to the office
    • An onsite gym to keep fit with a Peloton and other great equipment
    • A great benefits package including health, dental and vision care

Here at BenchSci, these are our core values:

Focused: We focus on what will drive the greatest impact at all times.
Advancement: We believe in continuous growth, and discovering new ways to do things better. This applies to our product and business, but also to ourselves.
Speed: We recognize that without a sense of urgency, our team, our product and our mission lose their value.
Tenacity: What we’re trying to do isn’t easy, but we hire the best people, and give them the autonomy, tools, and resources to succeed. The hard work is up to them.
Transparency: We believe that sharing diverse ideas and information creates strong teams. Our success stems from research, collaboration, feedback, and trust.

Diversity, Equity and Inclusion: BenchSci is committed to creating an inclusive environment where people from all backgrounds can thrive. The work and commitment to diversity, equity and inclusion is our collective responsibility. That fundamental belief will guide us along our diversity, equity, and inclusion journey. We are just at the beginning, we will experience moments of discomfort and we may stumble along the way but we are committed to continuously improving and creating equitable and systemic change.

Accessibility Accommodations: BenchSci provides accessibility accommodations during the recruitment process. Should you require any accommodation, we will work with you to meet your needs.