Senior Security Engineer

Isomorphic Labs (IsoLabs) was launched in 2021 to advance human health by building on and beyond the Nobel-winning AlphaFold system. Since then, our interdisciplinary team of drug discovery experts and machine learning specialists has built powerful new predictive and generative AI models that accelerate scientific discovery at digital speed.

Our name comes from the belief that there is an underlying symmetry between biology and information science. By harnessing AI’s powerful capabilities, we can use it to model complex biological phenomena to help design novel molecules, anticipate how drugs will perform and develop innovative medicines to treat and cure some of the world’s most devastating diseases.

We have built a world-leading drug design engine comprising AI models that are capable of working across multiple therapeutic areas and drug modalities. We are continually innovating on model architecture and developing cutting-edge capabilities to advance rational drug design.

Every day, and with each new breakthrough, we’re getting closer to the promise of digital biology, and achieving our ambitious mission to one day solve all disease with the help of AI.

As a Senior Security Engineer, you will architect and manage the security of our groundbreaking ML-based platform and High Performance Computing (HPC) infrastructure. This role requires a highly proactive problem-solver who enjoys a fast-paced environment and possesses the curiosity to dive into diverse technical challenges. 

You will act as a versatile, T-shaped engineer, overseeing security solutions from initial requirement gathering to final implementation. By combining deep technical know-how with strong collaborative skills, you will ensure our security posture evolves as quickly as our research, managing the end-to-end lifecycle of our defense systems.

• →Secure Architecture and Product Engineering: Participate in the design and perform security reviews of our evolving AI platforms and underlying HPC infrastructure.
• →Infrastructure as Code (IaC) Security: Partner with our DevOps / SRE team to harden our cloud infrastructure and our network, ensuring security by design, automation and auditability through Policy as Code.
• →Third Party Systems Secure Integration: Perform deep-dive technical assessments of third-party platforms, AI solutions, Cloud or SaaS providers and support secure integration or deployment.
• →Secure CI/CD: Design and implement automated security controls within our CI/CD pipelines to ensure code is secure from commit to production without slowing down research velocity.
• →Threat Modeling & Risk Assessment: Conduct proactive threat modeling and risk assessment, support teams in the implementation of remediation plan and audit expected outcomes.
• →Incident Response: Act as a L2/L3 escalation point for the remediation of complex vulnerabilities and security incidents.
• →Identity & Access Management: Implement our state-of-the-art Zero Trust framework, ensuring robust access control and consistent enforcement of the principle of least privilege.
• →Risk Management and Compliance Automation: Bridge the gap between technical controls and regulatory requirements (GDPR, GxP, EU AI Act) by automating evidence collection and risk posture monitoring (CSPM).
• →Security Tooling Development: Build or integrate custom internal tools that automate repetitive security tasks, shifting our operational load from manual toil to scalable engineering.
• →End-to-End Solution Delivery: Manage the full lifecycle of security controls, from initial user needs analysis and requirements gathering to structured testing and phased implementation and communication, ensuring high-quality deployment followed by data-driven continuous improvement.

• Cloud Engineering Proficiency: Deep technical knowledge of cloud platform security (GCP preferred) including Network and VPC design, IAM policy construction, Cloud resources hardening and Cloud native security services.
• Analytical Risk Management and Problem Solving: Proficiency in assessing multi-faceted risks and decomposing complex security issues into manageable tasks and providing data-driven recommendations to stakeholders.
• Coding Skills: Ability to write small production-grade code (e.g. in Python) and to automate security tasks, build custom tooling, etc.
• DevSecOps Tooling: Hands-on experience with Infrastructure as Code (Terraform) and version control systems (GitHub) to manage security configurations.
• Container Security: Proven ability to secure containerized workloads (Kubernetes/Docker), focusing on image signing, runtime protection, and orchestration security.
• Network Security Fundamentals: Solid understanding of modern networking, including zero-trust architecture, encryption in transit (TLS/mTLS), and API gateway security.
• Identities and Access Management: Proficiency in implementing a state of the art IAM strategy both from an organisational and technical standpoints in a multi-tenant cloud environment.
• Collaborative Security Culture: Strong ability to support researchers in AI and Drug Discovery, leveraging excellent listening skills, to provide pragmatic advice that balances high-security requirements with business agility.
• Adaptability & Communication: Excellent soft skills with the ability to navigate an ambiguous, high-growth environment and explain technical risks to non-security audiences.
• Offensive Mindset: Strong understanding of the MITRE ATT&CK framework and the ability to think like an adversary to identify "blind spots" in our defense.

• AI/ML Security Interest: Familiarity with the unique security challenges of an AI first company and other common AI solutions such as LLMs.
• Regulated Industry Experience: Prior experience working in BioTech, Pharma where data integrity and regulatory compliance are paramount.
• Advanced Security Certifications: Holding industry-recognized credentials such as GSE, OSCP, CISSP or professional-level Cloud Security Engineer certifications.
• Application Security (AppSec): Experience with SAST/DAST/SCA tools and a strong understanding of the OWASP Top 10 vulnerabilities.
• Zero Trust Implementation: Past success in transitioning an organization away from traditional perimeter-based security toward a mature Zero Trust model.
• SecOps Maturity: Experience building or scaling a Security Operations Center (SOC) or a Modern Detection and Response (MDR) function.
• Collaboration Tool Mastery: Advanced experience securing and automating SaaS. In particular, Google Workspace, the Atlassian stack (Jira/Confluence), Slack.
• Bio-Pharma Experience: Prior exposure to GxP validation, clinical trial data protections, or the nuances of Lab-IT security.
• Privacy Engineering: Knowledge of PETs (Privacy Enhancing Technologies) like differential privacy or homomorphic encryption.

We are guided by our shared values. It's not about finding people who think and act in the same way. These values help to guide our work and will continue to strengthen it. 

>> Click to view other open roles at Isomorphic Labs