Senior Security Engineer

Your impact

As a Senior Security Engineer, you will architect and manage the security of our groundbreaking ML-based platform and High Performance Computing (HPC) infrastructure. This role requires a highly proactive problem-solver who enjoys a fast-paced environment and possesses the curiosity to dive into diverse technical challenges. You will act as a versatile, T‑shaped engineer, overseeing security solutions from initial requirement gathering to final implementation. By combining deep technical know‑how with strong collaborative skills, you will ensure our security posture evolves as quickly as our research, managing the end‑to‑end lifecycle of our defense systems.

What you will do

Secure Architecture and Product Engineering

• Participate in the design and perform security reviews of our evolving AI platforms and underlying HPC infrastructure.

Infrastructure as Code (Ia C) Security

• Partner with our Dev Ops / SRE team to harden our cloud infrastructure and our network, ensuring security by design, automation and auditability through Policy as Code.

Third Party Systems Secure Integration

• Perform deep‑dive technical assessments of third‑party platforms, AI solutions, Cloud or Saa S providers and support secure integration or deployment.

Secure CI/CD

• Design and implement automated security controls within our CI/CD pipelines to ensure code is secure from commit to production without slowing down research velocity.

Threat Modeling & Risk Assessment

• Conduct proactive threat modeling and risk assessment, support teams in the implementation of remediation plan and audit expected outcomes.

Incident Response

• Act as a L2/L3 escalation point for the remediation of complex vulnerabilities and security incidents.

Identity & Access Management

• Implement our state‑of‑the‑art Zero Trust framework, ensuring robust access control and consistent enforcement of the principle of least privilege.

Risk Management and Compliance Automation

• Bridge the gap between technical controls and regulatory requirements (GDPR, Gx P, EU AI Act) by automating evidence collection and risk posture monitoring (CSPM).

Security Tooling Development

• Build or integrate custom internal tools that automate repetitive security tasks, shifting our operational load from manual toil to scalable engineering.

End‑to‑End Solution Delivery

• Manage the full lifecycle of security controls, from initial user needs analysis and requirements gathering to structured testing and phased implementation and communication, ensuring high‑quality deployment followed by data‑driven continuous improvement.

Skills and qualifications

Cloud Engineering Proficiency

• Deep technical knowledge of cloud platform security (GCP preferred) including Network and VPC design, IAM policy construction, Cloud resources hardening and Cloud native security services.

Analytical Risk Management and Problem Solving

• Proficiency in assessing multi‑faceted risks and decomposing complex security issues into manageable tasks and providing data‑driven recommendations to stakeholders.

Coding Skills

• Ability to write small production‑grade code (e.g. in Python) and to automate security tasks, build custom tooling, etc.

Dev Sec Ops Tooling

• Hands‑on experience with Infrastructure as Code (Terraform) and version control systems (Git Hub) to manage security configurations.

Container Security

• Proven ability to secure containerized workloads (Kubernetes/Docker), focusing on image signing, runtime protection, and orchestration security.

Network Security Fundamentals

• Solid understanding of modern networking, including zero‑trust architecture, encryption in transit (TLS/m TLS), and API gateway security.

Identities and Access Management

• Proficiency in implementing a state of the art IAM strategy both from an organisational and technical standpoints in a multi‑tenant cloud environment.

Collaborative Security Culture

• Strong ability to support researchers in AI and Drug Discovery, leveraging excellent listening skills, to provide pragmatic advice that balances high-security requirements with business agility.

Adaptability & Communication

• Excellent soft skills with the ability to navigate an ambiguous, high‑growth environment and explain technical risks to non‑security audiences.

Offensive Mindset

• Strong understanding of the MITRE ATT&CK framework and the ability to think like an adversary to identify "blind spots" in our defense.

Nice to have

AI/ML Security Interest

• Familiarity with the unique security challenges of an AI first company and other common AI solutions such as LLMs.

Regulated Industry Experience

• Prior experience working in Bio Tech, Pharma where data integrity and regulatory compliance are paramount.

Advanced Security Certifications

• Holding industry‑recognised credentials such as GSE, OSCP, CISSP or professional‑level Cloud Security Engineer certifications.

Application Security (App Sec)

• Experience with SAST/DAS