Science · 10 hours ago
Security Engineer
Alameda, CA
Full-time
Onsite
Senior Level
$160K/yr - $220K/yr
7+ years expScience is a clinical stage, vertically integrated technology company focused on solving some of neuroscience’s hardest questions and most serious unmet medical needs. They are seeking a Security Engineer who will design and implement the company’s technical security controls across the corporate network and production & development environments, owning security across the company’s product, infrastructure, and corporate IT.
BiotechnologyMedicalNeuroscience
Responsibilities
Partner with our fractional CISO to design and implement a holistic security program with controls across the entire hybrid infrastructure: on-prem servers and services, IoT/lab systems, cloud workloads, local workstations, and SaaS
Serve as primary point of contact within the business for all technical inquiries work related to cybersecurity and technology risk management
Be the primary change agent to drive adoption of enhanced security controls and processes across the company
Broadly educate colleagues to the requirements of regulations the company may be subject to, including GDPR & CCPA
Regularly report to executive leadership and principal stakeholders about ongoing changes
Collaborate with key principals to account for unusual requirements of scientific equipment
Establish security metrics and KPIs to track posture improvements and communicate risk trends to leadership
Participate in on-call rotation and respond to critical security incidents outside business hours
Collaborate with the software team to integrate application security (threat modeling, SAST, dependency management, and secure CI/CD) into the overall software development life cycle
Guide developers on secure coding practices and assist in reviewing designs for data protection and compliance
Deploy and maintain tools which reduce risks related to software development
Support product teams in implementing privacy-by-design principles
Partner with IT to harden servers, networks, and endpoints; define baseline configurations and asset inventory processes
Own technical incident response: detections, containment, remediation, and post-hoc forensics
Manage access via identity plane and network segmentation
Harden Google Workspace configurations
Enhance forensics and detections through centralized logging within the corporate infrastructure, cloud presence, and custom applications
Automate vulnerability management and patch processes for both on-prem and cloud systems
Improve corporate resiliency with a robust disaster recovery program which covers both traditional disaster scenarios and attacks by malicious parties, both internal and external
Leverage integrations and automation to move the company closer to adherence with zero-trust principles
Evaluate and deploy new security tools and technologies as appropriate for scale and risk
Serve as the technical counterpart to our fractional CISO, translating strategy into engineering implementation
Mentor IT and software engineers on security practices
Manage relationships with external vendors and consultants supporting security operations
Qualification
Required
7+ years of experience in security engineering, infrastructure security, or DevSecOps
Ability to work autonomously and context-switch across product security, infrastructure, and corporate IT, without dedicated teams for each
Strong knowledge of Linux administration, network security, and cloud platforms (AWS, Azure, or GCP)
Experience with endpoint management across mixed OS environments (Windows, MacOS, Linux)
Strong experience with security and privacy requirements for healthcare or regulated data
Hands-on capability to script & automate, specifically with regards to on-prem infrastructure such as workstations, servers, and network kit
Track record of building security programs from the ground up or during high-growth phases
Experience managing security incidents from detection through resolution, including coordination with legal, compliance, and external parties (law enforcement, vendors, regulators)
Preferred
Experience securing research, laboratory, or healthcare environments with specialized equipment and regulatory requirements (FDA, HIPAA, or equivalent)
Experience with medical device security or FDA regulatory compliance
Security certifications (CISSP, OSCP, CEH, or cloud security certifications)
Background in threat intelligence or security research
Benefits
Competitive salary and equity
Medical, dental, vision and life insurance
Flexible vacation and company-paid holidays
Healthy meals and snacks provided for non-remote employees
Paid parental, jury duty, bereavement, family care and medical leave
Dependent Care Flexible Spending Account, subsidized by Science
Flexible Spending Account
401(k)
Company
Science
Science is a clinical-stage medical technology company focusing on neuroscience and addressing serious unmet medical needs.
51-200 employees
H1B Sponsorship
Science has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (7)
2024 (8)
2023 (9)
2022 (6)
2021 (4)
2020 (11)
Funding
Current Stage
Growth StageTotal Funding
$177.32MKey Investors
Khosla Ventures
2025-04-14Convertible Note· $104M
2024-06-06Series Unknown· $26M
2021-07-21Seed· $47.32M
Leadership Team
Max Hodak
Founder & CEO
Darius Shahida
Chief Strategy Officer
Recent News
2025-12-11
thepeninsulaqatar.com
2025-11-28
Company data provided by crunchbase