Lead Security Engineer - Natera
San Carlos, CA 94070
About the Job
Lead Security Engineer, Product SecurityPOSITION SUMMARYWe are looking for a highly skilled and motivated Lead Application Security Engineer to join our security team at Natera.
This position is a highly visible, business-facing, and hands-on role.
The ideal candidate will be responsible for ensuring the security of our applications through the identification of vulnerabilities, implementation of security measures, and promotion of best practices across the development lifecycle.
This role requires expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration test, vulnerability management, WAF, API security, and ideally, a strong understanding of application security compliance standards such as OWASP, SOC2, NIST, HIPAA, and FDA Cybersecurity Guidelines.You will lead, build, and maintain the application security initiatives, including security architecture, security testing, and related security compliances for the Natera market segment.
Additionally, you will lead the product security policies, strategies, and activities, as well as interact with product and engineering teams through the security champion program.
You will collaborate with senior-level leaders and key stakeholders on matters that often require the coordination of activity across organizational lines to build and maintain robust and scalable enterprise security solutions.PRIMARY RESPONSIBILITIES:Lead, build, and maintain the application security initiatives, including security architecture, security testing, vulnerability management, and security champion programDevelop and enforce product security policies, reference architectures, procedures, and standards in compliance with SOC2, FDA Cybersecurity Guidelines, NIST, HIPAA, and other relevant regulationsConduct security assessments, including SAST, DAST, pen test, to identify vulnerabilities in applicationsExpert hands on experiences in WAF, API Security in complex enterprise environmentsCollaborate with development teams to integrate security practices into the secure software development lifecycle (SDLC)Lead the product security strategies and activities, ensuring alignment with business objectives.Perform penetration testing and simulate attacks to identify potential security weaknesses.Monitor and respond to security incidents, providing timely analysis and resolution.Stay up-to-date with the latest security trends, vulnerabilities, and technologiesProvide training and guidance to developers on secure coding practicesParticipate in the design and architecture of secure applications and systemsAssist in compliance efforts and audits related to application security, including preparation of necessary documentationInteract with senior-level leaders and key stakeholders to coordinate activities across organizational lines and maintain robust and scalable enterprise business solutionsKeep track of new regulations, industry best practices, and implement continuous improvement on an ongoing basisCollaborate with Information Security, Engineering and product teams to create, maintain and deliver an overall compliance/certifications roadmapCollaborate with Technical Program Management and Engineering, and help drive the development of standardized processes and procedures to assure product security requirements are accounted for in New Product Introduction (NPI), New Feature Introduction (NFI), and acquisition activitiesRequirementsBachelor’s degree in Computer Science, Information Security, or a related field10+ years of experience in application security or a related roleStrong knowledge of security principles, vulnerabilities, and remediation techniquesExperience with SAST and DAST tools such as OWASP ZAP, Burp Suite, Checkmarx, Veracode, or similarProficiency in programming languages such as Java, C#, Python, or JavaScriptFamiliarity with web application security standards (e.g., OWASP Top Ten)Understanding of compliance standards such as SOC2, FDA Cybersecurity Guidelines, NIST, and how they apply to application securityExcellent analytical and problem-solving skillsStrong communication skills and the ability to work collaboratively in a team environment.Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plusStrong analytical abilities to make data-based and strategic value-driven business decisions, including the ability to make reasoned decisions in the face of uncertainty or imperfect dataStrong technical background and communication skills are highly preferredThe pay range is listed and actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location.
This may differ in other locations due to cost of labor considerations.Remote USA$172,400—$215,450 USDOUR OPPORTUNITYNatera is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women’s health, and organ health.
Our aim is to make personalized genetic testing and diagnostics part of the standard of care to protect health and enable earlier and more targeted interventions that lead to longer, healthier lives.The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other.
When you join Natera, you’ll work hard and grow quickly.
Working alongside the elite of the industry, you’ll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management.WHAT WE OFFERCompetitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents.
Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits.
Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more.
We also offer a generous employee referral program!For more information, visit .Natera is proud to be an Equal Opportunity Employer.
We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives.
Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide.All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status.
We also consider qualified applicants regardless of criminal histories, consistent with applicable laws.If you are based in California, we encourage you to read this important information for California residents. Link: Please be advised that Natera will reach out to candidates with a @natera.com email domain ONLY.
Email communications from all other domain names are not from Natera or its employees and are fraudulent.
Natera does not request interviews via text messages and does not ask for personal information until a candidate has engaged with the company and has spoken to a recruiter and the hiring team.
Natera takes cyber crimes seriously, and will collaborate with law enforcement authorities to prosecute any related cyber crimes.For more information:- BBB announcement on job scams- FBI Cyber Crime resource page
This position is a highly visible, business-facing, and hands-on role.
The ideal candidate will be responsible for ensuring the security of our applications through the identification of vulnerabilities, implementation of security measures, and promotion of best practices across the development lifecycle.
This role requires expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration test, vulnerability management, WAF, API security, and ideally, a strong understanding of application security compliance standards such as OWASP, SOC2, NIST, HIPAA, and FDA Cybersecurity Guidelines.You will lead, build, and maintain the application security initiatives, including security architecture, security testing, and related security compliances for the Natera market segment.
Additionally, you will lead the product security policies, strategies, and activities, as well as interact with product and engineering teams through the security champion program.
You will collaborate with senior-level leaders and key stakeholders on matters that often require the coordination of activity across organizational lines to build and maintain robust and scalable enterprise security solutions.PRIMARY RESPONSIBILITIES:Lead, build, and maintain the application security initiatives, including security architecture, security testing, vulnerability management, and security champion programDevelop and enforce product security policies, reference architectures, procedures, and standards in compliance with SOC2, FDA Cybersecurity Guidelines, NIST, HIPAA, and other relevant regulationsConduct security assessments, including SAST, DAST, pen test, to identify vulnerabilities in applicationsExpert hands on experiences in WAF, API Security in complex enterprise environmentsCollaborate with development teams to integrate security practices into the secure software development lifecycle (SDLC)Lead the product security strategies and activities, ensuring alignment with business objectives.Perform penetration testing and simulate attacks to identify potential security weaknesses.Monitor and respond to security incidents, providing timely analysis and resolution.Stay up-to-date with the latest security trends, vulnerabilities, and technologiesProvide training and guidance to developers on secure coding practicesParticipate in the design and architecture of secure applications and systemsAssist in compliance efforts and audits related to application security, including preparation of necessary documentationInteract with senior-level leaders and key stakeholders to coordinate activities across organizational lines and maintain robust and scalable enterprise business solutionsKeep track of new regulations, industry best practices, and implement continuous improvement on an ongoing basisCollaborate with Information Security, Engineering and product teams to create, maintain and deliver an overall compliance/certifications roadmapCollaborate with Technical Program Management and Engineering, and help drive the development of standardized processes and procedures to assure product security requirements are accounted for in New Product Introduction (NPI), New Feature Introduction (NFI), and acquisition activitiesRequirementsBachelor’s degree in Computer Science, Information Security, or a related field10+ years of experience in application security or a related roleStrong knowledge of security principles, vulnerabilities, and remediation techniquesExperience with SAST and DAST tools such as OWASP ZAP, Burp Suite, Checkmarx, Veracode, or similarProficiency in programming languages such as Java, C#, Python, or JavaScriptFamiliarity with web application security standards (e.g., OWASP Top Ten)Understanding of compliance standards such as SOC2, FDA Cybersecurity Guidelines, NIST, and how they apply to application securityExcellent analytical and problem-solving skillsStrong communication skills and the ability to work collaboratively in a team environment.Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plusStrong analytical abilities to make data-based and strategic value-driven business decisions, including the ability to make reasoned decisions in the face of uncertainty or imperfect dataStrong technical background and communication skills are highly preferredThe pay range is listed and actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location.
This may differ in other locations due to cost of labor considerations.Remote USA$172,400—$215,450 USDOUR OPPORTUNITYNatera is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women’s health, and organ health.
Our aim is to make personalized genetic testing and diagnostics part of the standard of care to protect health and enable earlier and more targeted interventions that lead to longer, healthier lives.The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other.
When you join Natera, you’ll work hard and grow quickly.
Working alongside the elite of the industry, you’ll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management.WHAT WE OFFERCompetitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents.
Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits.
Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more.
We also offer a generous employee referral program!For more information, visit .Natera is proud to be an Equal Opportunity Employer.
We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives.
Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide.All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status.
We also consider qualified applicants regardless of criminal histories, consistent with applicable laws.If you are based in California, we encourage you to read this important information for California residents. Link: Please be advised that Natera will reach out to candidates with a @natera.com email domain ONLY.
Email communications from all other domain names are not from Natera or its employees and are fraudulent.
Natera does not request interviews via text messages and does not ask for personal information until a candidate has engaged with the company and has spoken to a recruiter and the hiring team.
Natera takes cyber crimes seriously, and will collaborate with law enforcement authorities to prosecute any related cyber crimes.For more information:- BBB announcement on job scams- FBI Cyber Crime resource page
Source : Natera