Sequencing.com is a profitable, Series A company at the intersection of biotech, genomics, and personalized health. They are seeking a Senior Security Engineer to lead security initiatives for their web apps, APIs, and cloud infrastructure while ensuring compliance with HIPAA and other security standards. The role involves building security practices, collaborating with various teams, and enhancing security awareness across the organization.

Responsibilities:
- Lead security testing for our web apps, APIs, cloud (AWS/OCI), Kubernetes, and on‑prem servers, and clearly document vulnerabilities you find
- Build security into our CI/CD pipelines with DevOps, including code and app scanning and stronger secrets management
- Work with bioinformatics to secure genomic data pipelines and protect PHI/PII in line with HIPAA requirements
- Set up and run security monitoring, alerting, and incident response, with practical playbooks and runbooks the team can follow
- Lead the technical work needed for HIPAA, SOC 2, and ISO 27001 readiness and future audits
- Help design and improve logging and SIEM use so the team can spot and respond to threats faster
- Translate security findings into clear, prioritized tasks that engineering and DevOps teams can execute
- Partner with engineers, DevOps, and bioinformatics so security is built into how we design, build, and ship systems
- Contribute to threat modeling and secure design discussions for new and existing services
- Maintain clear, concise security documentation, including standards, guidelines, and incident procedures
- Support vendor and third-party security assessments by reviewing findings and driving remediation with the team
- Provide input into security aspects of our architecture and infrastructure decisions
- Support security aspects of our performance tasks and assessments, including translating real-world attack methods into learnings for the team
- Help raise security awareness across the company by sharing best practices with engineers and partner teams
- Collaborate across time zones and functions to plan, prioritize, and communicate security work and trade‑offs

Requirements:
- 8+ years in security engineering, DevSecOps, or infrastructure security roles
- Strong hands-on penetration testing and vulnerability discovery skills, using both manual methods and tools
- Deep experience securing AWS and OCI cloud and Kubernetes (RBAC, IAM, network policies, containers, secrets), as well as bare metal and on-premises server environments
- Experience adding and tuning security tools in CI/CD (such as Semgrep, CodeQL, OWASP ZAP, Burp Suite)
- Comfortable with tools like Burp Suite, Metasploit or similar, OWASP ZAP, Semgrep or CodeQL, CloudTrail, Falco, Terraform, Docker, Git/GitHub, Cloudflare, and Google Workspace
- Experience with SIEM or log aggregation and real-time detection and monitoring
- Familiarity with HIPAA, SOC 2, and how to protect PHI/PII in regulated or high-sensitivity environments
- Clear written and verbal communication, especially for explaining security issues and recommendations to technical teams
- Ability to influence and collaborate with engineering, DevOps, and data teams without formal authority
- Comfortable working independently in a remote, fast-moving startup with limited existing security processes
- OSCP, OSCE, or equivalent certifications are a plus; we value candidates with real-world offensive experience, not just institutional credentials
- Experience with eCommerce and checkout security, including securing payment flows, cart and order APIs, and protecting against fraud, skimming attacks, and checkout abuse
- Experience with vulnerability research, responsible disclosure, or red team operations is a strong plus