Product Security Engineer

Company Description

DNAnexus is a leading provider of secure, scalable, and intuitive biomedical data analysis software and bioinformatics applications for the life sciences and healthcare communities. The company actively manages and supports more than 80 petabytes of complex genomic, multi-omic, and clinical datasets on behalf of a growing network of collaborations with large-scale biobanks, as well as leading pharmaceutical, clinical diagnostic, academic research, and government organizations. Over 40,000 scientists across 48 countries are now using the highly collaborative, cloud-based, end-to-end platform to gain data-driven insights that can advance scientific discovery, accelerate precision medicine, and improve patient care.

Job Description

The Security Mission

Our customers depend on the secure and reliable operation of the DNAnexus platform to run their business.  From clinical research to large-scale multi-omics computation, our platform is essential to tackle some of the most exciting opportunities in human health.  With DNAnexus, organizations can stay a step ahead in leveraging genomics to achieve their goals.  DNAnexus brings it all together on a single secure, resilient, and  scalable platform. 

The role

You will be an essential part of our Product Security team and a critical player within our larger Security & Technology organization.  Through close collaboration with Product Management and Engineering, you’ll develop pragmatic and elegant solutions to address the security concerns and risks that you identified in your initial threat modeling and evaluation of our product designs.  As a part of the product design team, your input and experience will make DNAnexus products more resilient, reliable and secure.   In order to be successful, a close understanding of how Software Engineering and empathy with your software engineering will be crucial.  As a security team, we strive to solve problems with an engineering mindset and with a strong understanding of the business context.

The problems you will solve:

• You will aid our Product Managers in developing secure and resilient product designs.
• You’ll become a respected advisor to our software engineers and you’ll help them solve security & compliance problems without limiting product functionality or adding tech debt.
• You will design, build, and introduce security tooling that improves assurance of code in our pipelines and accelerates time to deployment of code.
• You’ll focus on training and education with your software engineering counterparts to improve velocity and security of our developed code.
• You’ll conduct threat modeling exercises and work closely with product & engineering to address the risks that you’ve identified.
• Your input as a security practitioner will be valuable for our Product Management team as we develop tooling to help our clients’ security and IT teams manage their use of our platforms.

Qualifications

The experience you will bring:

• Bachelors of Science in a computer science, cyber security, electrical engineering or related field.
• A firm understanding of software development (SDLC) & continuous integration/continuous deployment approaches, including commonly used IDE and git environments.
• An ability to navigate a product specification and connect the business objectives with the security risks of a new product feature.
• Prior threat modeling experience, in a software development context.
• You have assisted your peers in a security detection & response capacity, specifically you’ve helped incident response / SOC team members understand how a software application operates.
• Experience leveraging application security techniques to identify and validate the impact of application flaws.
• A strong collaboration track-record with both technical (engineering) and non-technical stakeholders.
• Prior exposure to regulated or life science environments.

Personal Attributes and Values:

• You personally enjoy contributing to the security community and driving our industry to do better.
• Complex problems intrigue you and you leverage creative problem solving skills as well as the ability to ignite the creativity of others to solve these problems.
• Flexible, nimble, and scrappy; startup mentality and willingness/ability to change direction quickly if best for the business.  You understand and can navigate the tradeoffs that allow us to manage our technical debt load.
• A self starter that can work independently and collaboratively across multiple workstreams without technical program management support.
• Able to earn the respect of the team on the basis of crisp execution, technical depth, hands-on style, and strategic decision making ability.
• Takes a data centric, objective approach to decision making and has the ability to put aside personal preferences, historical bias, peer pressure and political influences to arrive at decisions on a reasoned, objectively-defensible basis.
• Strong presence; good communicator and highly influential both externally as well as internally at the executive level and across the organization.
• A highly collaborative, team player with a company-first mentality; ability to influence, prioritize, and get alignment cross-functionally.
• A positive, energetic, can-do attitude. High EQ, hungry to succeed, achievement orientation, self-motivation.  Highly confident, yet humble and self-aware.
• Entrepreneurial DNA; not afraid to take calculated risks, brings a mentality of rapid innovation and the desire to attain big goals.
• High integrity, principles, and ethics.

Additional Information

Headquartered in Mountain View, California, with over 220 team members across the United States and Europe, DNAnexus is experiencing rapid growth and market adoption. With the support of leading investors including Google Ventures and Blackstone, and trusted by hundreds of the world's biomedical leaders,  the company is at the innovative forefront with our precision health data cloud to drive scientific breakthroughs. If you are interested in joining our team, please apply today!

DNAnexus will provide the necessary support to enable the ideal candidate to work remotely within the Czech Republic.