Sequencing.com is a profitable, Series A company at the intersection of biotech, genomics, and personalized health. As the world’s largest direct-to-consumer genomics platform, our mission is to power the future of personalized health by making whole genome sequencing and interpretation accessible, actionable, and meaningful for everyone. We partner with healthcare professionals, research organizations, and consumer wellness platforms to deliver deep genomic insights through our advanced data and bioinformatics platform. We are venture-backed, rapidly scaling, and assembling a team that is excited to build products that change the world.

The Position

As our first dedicated Senior Security Engineer, you will join a remote, global health‑tech team that works at the intersection of genomics, AI, and consumer health. You will report to the Head of Engineering, partner closely with DevOps, bioinformatics, and developers, and help protect highly sensitive health and genomic data as we grow.

You will build security practices and your work will directly shape how the company operates and earns customer and partner trust. Success in this role means being proactive, collaborative, clear in your communication, and comfortable executing in a fast-moving, startup environment while partnering across functions and time zones.

The Impact

• Lead security testing for our web apps, APIs, cloud (AWS/OCI), Kubernetes, and on‑prem servers, and clearly document vulnerabilities you find.
• Build security into our CI/CD pipelines with DevOps, including code and app scanning and stronger secrets management.
• Work with bioinformatics to secure genomic data pipelines and protect PHI/PII in line with HIPAA requirements.
• Set up and run security monitoring, alerting, and incident response, with practical playbooks and runbooks the team can follow.
• Lead the technical work needed for HIPAA, SOC 2, and ISO 27001 readiness and future audits.
• Help design and improve logging and SIEM use so the team can spot and respond to threats faster.
• Translate security findings into clear, prioritized tasks that engineering and DevOps teams can execute.
• Partner with engineers, DevOps, and bioinformatics so security is built into how we design, build, and ship systems.
• Contribute to threat modeling and secure design discussions for new and existing services.
• Maintain clear, concise security documentation, including standards, guidelines, and incident procedures.
• Support vendor and third-party security assessments by reviewing findings and driving remediation with the team.
• Provide input into security aspects of our architecture and infrastructure decisions.
• Support security aspects of our performance tasks and assessments, including translating real-world attack methods into learnings for the team.
• Help raise security awareness across the company by sharing best practices with engineers and partner teams.
• Collaborate across time zones and functions to plan, prioritize, and communicate security work and trade‑offs.

Dominant and Recessive Traits

• 8+ years in security engineering, DevSecOps, or infrastructure security roles.
• Strong hands-on penetration testing and vulnerability discovery skills, using both manual methods and tools. OSCP, OSCE, or equivalent certifications are a plus; we value candidates with real-world offensive experience, not just institutional credentials.
• Deep experience securing AWS and OCI cloud and Kubernetes (RBAC, IAM, network policies, containers, secrets), as well as bare metal and on-premises server environments.
• Experience adding and tuning security tools in CI/CD (such as Semgrep, CodeQL, OWASP ZAP, Burp Suite).
• Comfortable with tools like Burp Suite, Metasploit or similar, OWASP ZAP, Semgrep or CodeQL, CloudTrail, Falco, Terraform, Docker, Git/GitHub, Cloudflare, and Google Workspace.
• Experience with SIEM or log aggregation and real‑time detection and monitoring.
• Familiarity with HIPAA, SOC 2, and how to protect PHI/PII in regulated or high‑sensitivity environments.
• Clear written and verbal communication, especially for explaining security issues and recommendations to technical teams.
• Ability to influence and collaborate with engineering, DevOps, and data teams without formal authority.
• Comfortable working independently in a remote, fast-moving startup with limited existing security processes.
• Experience with eCommerce and checkout security, including securing payment flows, cart and order APIs, and protecting against fraud, skimming attacks, and checkout abuse.
• Experience with vulnerability research, responsible disclosure, or red team operations is a strong plus.