Lead Security Engineer
Science
Science is a clinical stage, vertically integrated technology company focused on solving some of neuroscience’s hardest questions and most serious unmet medical needs. We work to restore quality of life to those with debilitating conditions for which there are no treatment options, creating devices aimed at restoring vision, cognition, and mobility to patients who have lost it. To support progress across our industry, we provide state-of-the-art components and vertically integrated infrastructure for others to build on via Science Foundry.
We are looking for a Lead Security Engineer who will design and implement the company’s technical security controls across the corporate network and production & development environments. This hands-on, individual contributor role bridges IT, product development, and compliance, developing technical safeguards that protect research data, intellectual property, and connected lab environments.
Role responsibilities:
- Security Leadership
- Partner with our fractional CISO to design and implement a holistic security program with controls across the entire hybrid infrastructure: on-prem servers and services, IoT/lab systems, cloud workloads, local workstations, and SaaS.
- Serve as primary point of contact within the business for all technical inquiries work related to cybersecurity and technology risk management.
- Be the primary change agent to drive adoption of enhanced security controls and processes across the company.
- Broadly educate colleagues to the requirements of regulations the company may be subject to, including GDPR & CCPA.
- Regularly report to executive leadership and principal stakeholders about ongoing changes.
- Collaborate with key principals to account for unusual requirements of scientific equipment.
- Establish security metrics and KPIs to track posture improvements and communicate risk trends to leadership.
- Participate in on-call rotation and respond to critical security incidents outside business hours.
- Secure Product Development
- Collaborate with the software team to integrate application security (threat modeling, SAST, dependency management, and secure CI/CD) into the overall software development life cycle.
- Guide developers on secure coding practices and assist in reviewing designs for data protection and compliance.
- Deploy and maintain tools which reduce risks related to software development.
- Support product teams in implementing privacy-by-design principles.
- Infrastructure & Operations
- Partner with IT to harden servers, networks, and endpoints; define baseline configurations and asset inventory processes.
- Own technical incident response: detections, containment, remediation, and post-hoc forensics.
- Manage access via identity plane and network segmentation.
- Harden Google Workspace configurations.
- Enhance forensics and detections through centralized logging within the corporate infrastructure, cloud presence, and custom applications.
- Automate vulnerability management and patch processes for both on-prem and cloud systems.
- Improve corporate resiliency with a robust disaster recovery program which covers both traditional disaster scenarios and attacks by malicious parties, both internal and external.
- Leverage integrations and automation to move the company closer to adherence with zero-trust principles.
- Evaluate and deploy new security tools and technologies as appropriate for scale and risk.
- Team & Cross-Functional Work
- Serve as the technical counterpart to our fractional CISO, translating strategy into engineering implementation.
- Mentor IT and software engineers on security practices.
- Manage relationships with external vendors and consultants supporting security operations.
Key qualifications:
- 7+ years of experience in security engineering, infrastructure security, or DevSecOps.
- Strong knowledge of Linux administration, network security, and cloud platforms (AWS, Azure, or GCP).
- Experience with endpoint management across mixed OS environments (Windows, MacOS, Linux).
- Strong experience with security and privacy requirements for healthcare or regulated data.
- Hands-on capability to script & automate, specifically with regards to on-prem infrastructure such as workstations, servers, and network kit.
- Track record of building security programs from the ground up or during high-growth phases.
- Experience managing security incidents from detection through resolution, including coordination with legal, compliance, and external parties (law enforcement, vendors, regulators).
Preferred qualifications:
- Experience securing research, laboratory, or healthcare environments with specialized equipment and regulatory requirements (FDA, HIPAA, or equivalent).
- Experience with medical device security or FDA regulatory compliance.
- Security certifications (CISSP, OSCP, CEH, or cloud security certifications).
- Background in threat intelligence or security research.
Salary/Pay Range:
Science is required under California law to include a reasonable estimate of the compensation range for this role. We determine your level based on your interview performance and make an offer based on the indicated salary band. The base salary range for this full-time position is $160,000 - $220,000 annually + equity + benefits. Within the range, individual pay is determined by several factors, including job-related skills, experience, and relevant education or training. Please keep in mind that the equity portion of the offer is not included in these numbers.
Benefits:
At Science, our benefits are in place to support the whole you:
- Competitive salary and equity
- Medical, dental, vision and life insurance
- Flexible vacation and company-paid holidays
- Healthy meals and snacks provided for non-remote employees
- Paid parental, jury duty, bereavement, family care and medical leave
- Dependent Care Flexible Spending Account, subsidized by Science
- Flexible Spending Account
- 401(k)