Jobs · Information Technology · California

Enterprise Security Engineer

Benchling · San Francisco, CA · Yesterday
HybridInformation Technology$189k–$256k/yrFull-time
We are rebuilding biotech for the AI era. When a breakthrough is delayed, the world waits. Getting a molecule from discovery to patients, or a crop from lab to field, involves thousands of slow, manual, disconnected steps. AI has the potential to change this, compressing decades of R&D work into years. But that only happens when clean, structured scientific data and AI are built into how science gets done. Benchling is the AI platform for biotech R&D. Scientists use Benchling to design experiments, capture structured data, and run AI agents and models directly in their workflows. Over 200,000 scientists around the world trust Benchling to power their most important work, from academic labs to Sanofi, Moderna, and more than half of the world's top 50 biopharma. We’re building an AI scientist for our customers. We can’t do that if we haven’t built the muscle ourselves. AI fluency is the foundation we build on; it's core to how we work, and we're committed to helping every new hire integrate it into their day-to-day. As part of our interview process, you'll complete a brief AI-focused exercise or discussion so we can understand how you think about and use AI to drive impact in your role. Feel free to reference any tools, platforms, or workflows you use today. Role Overview As an Enterprise Security Engineer at Benchling you’ll be joining a team responsible for building a best-in-class security program from the ground up. Our focus is on providing value to the organization by emphasizing real world security and embracing automation and AI. We’re looking for engineers who are excited to apply their expertise to our mission of securing some of society's most sensitive data. Responsibilities Drive the organization's zero trust strategy end to end — treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions rather than one-time gatesDesign and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controlsDeploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisionsEnforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration accessBuild processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controlsEvaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approachesDefine and enforce security standards for AI agent and LLM service identities — including scoped API keys, short-lived credentials, and workload identity federationDevelop and enforce CIS/NIST-aligned configuration baselinesMeaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling Qualifications 5+ years in a security engineering or IAM-focused roleDeep, hands-on IdP expertise (preferably Okta) — SSO, SCIM, MFA, Lifecycle Management, and NHI management are all areas you can speak to with depth and demonstrate in practiceDemonstrated experience implementing zero trust architecture in practice — not just familiarity with the framework, but hands-on delivery of continuous verification, device trust integration, and least-privilege enforcement across an organizationStrong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIMProficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platformFoundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure) — enough to audit, scope, and remediate identity issuesDemonstrated track record of building automation that eliminated recurring manual work Scripting proficiency in in at least one language, preferably PythonExcellent communication skills, with the ability to engage effectively with both technical teams and non-technical stakeholders.Strong understanding of operating systems fundamentals (MacOS/Linux/Windows) Preferred Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar) and the operational patterns around replacing VPN with identity-aware accessHands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar) to increase velocityExperience governing AI/ML service identities or securing LLM API integrationsFamiliarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged AccessOkta Certified Administrator, Okta Certified Consultant, or equivalent certification How We Work We offer a flexible hybrid work arrangement that prioritizes in-office collaboration. Employees are expected to be on-site 3 days per week (Monday, Tuesday, and Thursday). #BI-Hybrid Benchling welcomes everyone. We believe diversity enriches our team so we hire people with a wide range of identities, backgrounds, and experiences. We are an equal opportunity employer. That means we don’t discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable federal, state and local law, including but not limited to the San Francisco Fair Chance Ordinance. Compensation Range: $189K - $256K

Similar jobs