Principal Engineer Product Security Job In Na

Job Description

Recursion is a clinical-stage biotechnology company decoding biology by integrating technological innovations across biology, chemistry, automation, data science and engineering to radically improve the lives of patients and industrialize drug discovery. Our team is working to solve some of the hardest, most meaningful problems facing human health today. Come join us in our mission to decode biology to radically improve lives, while doing the most impactful work of your life.

The Impact You’ll Make

• Develop and lead the implementation of the product security strategy (combination of web, mobile, API, cloud, infrastructure and container security) and framework to protect against current and emerging security threats
• Conduct threat modeling, risk assessments, and security reviews of products at various stages of the development lifecycle with a focus on shifting left
• Design and implement secure coding practices, encryption standards, and security testing methodologies in collaboration with development/ML teams and ensure our products are secure, resilient and trustworthy
• Serve as a subject matter expert on product security, providing education, guidance and mentorship to engineering teams and stakeholders across the organization
• Help integrate ML models (first and third-party) securely into our product ecosystem.
• Evaluate and implement security tools and technologies to improve the security posture of our products
• Stay updated on the latest security trends including ML-specific threats, vulnerabilities, and technologies to continuously refine and enhance product security measures.
• Detect security policy violations and drive security outcomes
• Scale security without slowing down the business objectives
• Develop and maintain security documentation, including security requirements, guidelines, and incident response plans
• Perform security assessments, code reviews, and penetration testing to simulate real-world cyber attacks
• Lead security incident response efforts, including investigation, mitigation, and the development of preventative measures.
• Collaborate with stakeholders across the organization to ensure compliance with evolving AI security and other regulatory and industry security standards.

The Team You'll Join

You will join a growing Information Security team at Recursion, focused on enabling Recursion to decode biology by providing world class technology services that are designed and fit for purpose. You'll collaborate with your teammates and across departments to agree on what the most important challenges and capabilities are, then figure out how to get us there.

The Experience You'll Need

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• You will join a growing Information Security team at Recursion, focused on enabling Recursion to decode biology by providing world class technology services that are designed and fit for purpose. You'll collaborate with your teammates and across departments to agree on what the most important challenges and capabilities are, then figure out how to get us there.
• A minimum of 10 years of experience in product security, application security, or a related field, with a proven track record of securing complex products.
• Deep understanding of security principles, threats, and countermeasures as they relate to product design and development.
• Expertise in one or more programming languages (e.g., Java, C++, Python) and experience with secure coding practices.
• Familiarity with security standards and frameworks (e.g., OWASP, NIST, ISO/IEC 27001)
• Experience with various hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Expertise in web application security testing, including OWASP Top Ten vulnerabilities. Proficiency in assessing web applications for common vulnerabilities like SQL injection, XSS, CSRF, and more
• Experience with modern security tools and techniques for vulnerability scanning, penetration testing, and encryption.
• Proficiency in exploiting vulnerabilities to gain unauthorized access and assess the impact of attacks and understanding of vulnerability scoring systems (e.g., CVSS) to prioritize findings.
• Excellent communication and leadership skills, capable of driving security initiatives and influencing change across multiple teams and disciplines.
• Relevant security certifications (e.g., CISSP, OSCP, GWAPT) are highly desirable.