Senior Security Engineer

Resilience is ushering in an era of “Biomanufacturing-as-a-Service” that we expect will displace in-house manufacturing as well as traditional contract manufacturing and development organizations (CDMOs).  We see this as a paradigm shift in biomanufacturing akin to the IT industry’s adoption of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) that rendered obsolete corporate-owned/operated data centers or corporate servers co-located in hosting facilities. 

Role 

As a Senior Product Security Engineer, you’ll be working directly with our Research & Development (R&D) and Application teams to drive security by design in our system development. You will be responsible for supporting threat modeling across services, and guiding teams to implement compensating controls in response to identified threats.

You will scope and drive security testing through the build and deploy process, including implementing tooling like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). You will work with external penetration testing firms to do exploitative tests of critical services, and work with engineers to resolve findings to reduce risk.

You will guide teams through the process of releasing to production with successful disaster recovery testing, onboarding security telemetry and monitoring, and the development of incident response run books.

Job Responsibilities

• Provide consultative expertise to the product team in threat modeling and control design to mitigate identified threats. Help engineering teams build security control stories into the development sprints.
• Provide product engineering teams with architectural review of applications, with a focus on security controls.
• Direct the implementation of security testing through automation in the build and deployment process.
• Scope and work with external testing firms to coordinate penetration testing on applications.
• Direct the successful testing of disaster recovery for released applications, and determine the priorities for which services to test.
• Guide product teams through the operational release including onboarding to security monitoring and the development of incident response runs books.

Qualifications

• 5+ years' experience in system engineering, building scalable, highly-available systems
• 5+ years' experience in developing solutions in Amazon Web Services (AWS)
• Proficiency in at least one or more languages (Rust, Python, etc.)
• In-depth understanding of CI/CD pipelines, containers, software cryptographic signing, and OSS dependencies
• Knowledge of risk management processes, including methods for assessing and mitigating inherent and residual risk using STRIDE or similar threat modeling methodologies
• Demonstrated experience planning & executing security assessments (e.g., dynamic testing, static testing, code review) of products, services, and associated cloud infrastructure.
• Excellent communication and collaboration skills, able to network, interact and influence at all levels of the organization, cross sector, cross-functionally and globally is required.

Preferred Experience

• Experience deploying systems in accordance with Controlled Unclassified Information (CUI) data handling requirements
• Familiarity with software maturity models such as OpenSAMM, BSIMM, and SDL
• Work or educational experience with ICS/OT/IoT/IIoT devices and security
• Experience with 21 CFR Part 11 or EudraLex Volume 4 – GMP Guidelines, Annex 11 and DFARS 252.204-7012 or NIST SP 800-171
• Outstanding communication skills with the ability to clearly articulate complex issues