Senior/Lead Security Engineer

At BioRender, we’re on a mission to accelerate the world’s ability to learn, discover, and communicate science — transforming how knowledge is shared and making science open, collaborative, and easily understandable by all.

We’re shaping the future of science communication and are looking for talented individuals to help bring this vision to life! 🚀

As a Senior/Lead Security Engineer, you have a strong background in ethical hacking. You'll be responsible for conducting advanced penetration tests, vulnerability assessments, bug bounty program operation and work closely with engineering teams on implementing security best practices in Biorender’s flagship application. You'll leverage your deep understanding of the latest threats and attack vectors, along with your ability to develop and implement effective security measures.

What you'll be doing 

• Application Security: Create detailed design documents and guidelines for Engineering Teams. Ensure security requirements are detailed and integrated into all stages of the SDLC.

• Penetration Testing & Threat mitigation: Execute comprehensive penetration tests on web applications, networks, and systems to identify security vulnerabilities. Conduct treat modeling, threat hunting, and log analysis across multiple environments

• Cloud Security & WAF: Implement and manage security controls in cloud environments (AWS and Cloudflare) to ensure secure cloud architecture and data protection.

• Collaboration & Stakeholder Engagement: Work closely with IT, development, and business teams to integrate security best practices across all technology initiatives. Advocate for security within the organization.

• Define Best Practices: Collaborate with security and engineering teams and stakeholders to enhance security posture and implement mitigation strategies. Assist in developing security policies, procedures, and guidelines to strengthen the organization's security framework. 

• Mentorship & Thought Leadership: Stay up-to-date with the latest security trends, vulnerabilities, and attack techniques. Mentor and train other engineers, sharing knowledge and best practices.

• Experience operating a bug bounty program. Participate in security research projects to discover new vulnerabilities and improve existing security tools.

• Vulnerability Management: Conduct security assessments, penetration testing, and vulnerability scans to identify and remediate security gaps.

• Security Architecture & Implementation: Design and implement robust security solutions and security architecture to protect against cyber threats, ensuring the integrity and availability of systems and data.

• Security Tooling & Automation: Evaluate, deploy, and manage security tools such as SIEM, EDR, IDS/IPS, and endpoint protection solutions.

• Incident Response & Monitoring:  comfort with incident response frameworks.Proficient in leveraging security logs and/or a SIEM to detect, investigate, and respond to security events.

What you bring to the table 

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).

• Minimum of 5 years of experience in security, ethical hacking, or penetration testing.

• Strong knowledge of network protocols, operating systems, and security architectures

• Proficiency in using penetration testing tools such as Burp Suite, Kali, nmap, Wireshark, and Metasploit.

• Experience with scripting and programming languages (e.g., Python, Bash, PowerShell, Go, Javascript) to develop custom tools and exploits.

• Proficiency with AWS, CDN, WAF, modern web application and data pipelines (ie. Node.js, python).

• Strong understanding of network security, cryptography, and secure coding practices.

• Comprehensive understanding of OWASP Top Ten (WebApp, LLM, CI/CD) and common weaknesses and vulnerabilities, NIST.

• Relevant certifications such as AWS Certifications (Solutions Architect, Security Speciality, etc.) GWAPT, OSWE, OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses (SEC540) are highly desirable.

• Excellent problem-solving skills and the ability to think like an attacker (ie. active defender mindset).

• Strong written and verbal communication skills, with the ability to develop documentation and explain technical details in a concise manner.

• Proven ability to work independently and as part of a team in a fast-paced, dynamic environment.

Preferred Qualifications:

• Experience implementing or assessing security controls.

• Experience with tools used for web application, network security and wireless testing.

• Knowledge of secure coding practices and software development life cycle (SDLC).

• Familiarity with threat modeling and risk assessment methodologies. 

• Experience with runtime security, EDR, and forensic analysis tools on various operating systems.

• Experience in conducting social engineering assessments and physical security testing.

• Experience leading and operating a bug bounty program

• Participation in Capture the Flag tournaments and other national/global hacking competitions 

Why join us?

• We are mission-driven: we work collaboratively towards our shared vision of improving scientific communication and accelerating scientific discovery. BioRender figures have appeared in more than 54,000 publications! 

• BioRender is loved by millions! We have a world-class NPS and a community of loyal fans and users in 200+ countries!

• Our company is backed by top investors and accelerators like Y Combinator, and we are on a growth trajectory comparable to many top-performing SaaS companies 

• We’re remote-first with team members across Canada and the U.S., offering you the flexibility to work from anywhere. 

BioRender is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.