Benchling is an AI platform for biotech R&D that aims to revolutionize the industry by integrating AI and structured scientific data into workflows. As an Enterprise Security Engineer, you will be responsible for building a comprehensive security program, focusing on zero trust strategies and automation to secure sensitive data for the organization.
Responsibilities:
- Drive the organization's zero trust strategy end to end — treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions rather than one-time gates
- Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
- Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
- Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
- Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
- Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
- Define and enforce security standards for AI agent and LLM service identities — including scoped API keys, short-lived credentials, and workload identity federation
- Develop and enforce CIS/NIST-aligned configuration baselines
- Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling
Requirements:
- 5+ years in a security engineering or IAM-focused role
- Deep, hands-on IdP expertise (preferably Okta): SSO, SCIM, MFA, lifecycle management, and non-human identity (NHI) management are all areas you can speak to with depth and demonstrate in practice
- Demonstrated experience implementing zero trust architecture in practice — not just familiarity with the framework, but hands-on delivery of continuous verification, device trust integration, and least-privilege enforcement across an organization
- Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
- Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
- Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure) — enough to audit, scope, and remediate identity issues
- Demonstrated track record of building automation that eliminated recurring manual work
- Scripting proficiency in at least one language, preferably Python
- Excellent communication skills, with the ability to engage effectively with both technical teams and non-technical stakeholders
- Strong understanding of operating system fundamentals (macOS/Linux/Windows)
- Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar) and the operational patterns around replacing VPN with identity-aware access
- Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar) to increase velocity
- Experience governing AI/ML service identities or securing LLM API integrations
- Familiarity with PAM and secrets-management solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
- Okta Certified Administrator, Okta Certified Consultant, or equivalent certification