Enterprise Security Engineer

Benchling • $130K — $180K *

San Francisco, CA 94112In-Person

Enterprise Technology

5 - 7 years of experience

Today

Be an Early Applicant

By clicking Apply, I agree with Ladders' Terms of Use and Privacy Policy

Job Overview by Ladders

Qualifications

5+ years in a security engineering or IAM-focused role
Deep expertise in Identity Providers (IdP), especially with Okta
Hands-on experience implementing zero trust architecture in practice
Strong knowledge of identity protocols (SAML, OIDC, OAuth 2.0, SCIM)
Proficient in managing macOS endpoints using MDM platforms
Foundational experience in cloud IAM (AWS, GCP, Azure)
Proven track record of building automation to reduce manual tasks
Scripting proficiency in at least one language, preferably Python
Excellent communication skills for engaging with technical and non-technical stakeholders

Responsibilities

Drive the zero trust strategy end to end, integrating identity and device health into access decisions
Design and maintain least-privilege access and Privileged Access Management controls
Deploy and maintain MDM infrastructure for macOS, tied to compliance and zero trust policies
Enforce SSO policies and audit third-party access involving OAuth
Detect and manage shadow IT and unauthorized access requests
Evaluate and deploy AI-native security tools to improve operational efficiency
Define security standards for AI identities and manage scoped access tokens

Benefits

Flexible hybrid work arrangement, with an expectation of 3 days in-office collaboration
Opportunities to work with cutting-edge security practices and technologies
Emphasis on automation and AI to enhance job satisfaction
Engagement in a mission to secure sensitive data, contributing to societal impact
Collaborative team environment promoting innovation and best practices

Full Job Description

ROLE OVERVIEW

As an Enterprise Security Engineer at Benchling you'll be joining a team responsible for building a best-in-class security program from the ground up. Our focus is on providing value to the organization by emphasizing real world security and embracing automation and AI. We're looking for engineers who are excited to apply their expertise to our mission of securing some of society's most sensitive data.

RESPONSIBILITIES

Drive the organization's zero trust strategy end to end - treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions rather than one-time gates
Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
Define and enforce security standards for AI agent and LLM service identities - including scoped API keys, short-lived credentials, and workload identity federation
Develop and enforce CIS/NIST-aligned configuration baselines
Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling

QUALIFICATIONS

5+ years in a security engineering or IAM-focused role
Deep, hands-on IdP expertise (preferably Okta) - SSO, SCIM, MFA, Lifecycle Management, and NHI management are all areas you can speak to with depth and demonstrate in practice
Demonstrated experience implementing zero trust architecture in practice - not just familiarity with the framework, but hands-on delivery of continuous verification, device trust integration, and least-privilege enforcement across an organization
Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure) - enough to audit, scope, and remediate identity issues
Demonstrated track record of building automation that eliminated recurring manual work
Scripting proficiency in in at least one language, preferably Python
Excellent communication skills, with the ability to engage effectively with both technical teams and non-technical stakeholders.
Strong understanding of operating systems fundamentals (MacOS/Linux/Windows)

PREFERRED

Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar) and the operational patterns around replacing VPN with identity-aware access
Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar) to increase velocity
Experience governing AI/ML service identities or securing LLM API integrations
Familiarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
Okta Certified Administrator, Okta Certified Consultant, or equivalent certification

HOW WE WORK

We offer a flexible hybrid work arrangement that prioritizes in-office collaboration. Employees are expected to be on-site 3 days per week (Monday, Tuesday, and Thursday).

#LI-Hybrid

#BI-Hybrid

#LI-CG1

About Benchling

Benchling is a cloud-based informatics platform that accelerates life sciences R&D by streamlining workflows and centralizing data. The platform offers a suite of applications for molecular biology, including DNA design, antibody design, CRISPR analysis, and protein expression. Benchling's customers include pharmaceutical companies, biotechs, and academic institutions. The company was founded in 2012 and is headquartered in South San Francisco, California.

Learn more about Benchling

Size

500 employees

Industry

Pharmaceuticals & Biotech

Founded

2012

* Ladders Estimates

Similar Jobs

Presales Solutions Engineer - Security
$120K — $230K *
SHI
Remote
Today
Development Security Operations Engineer (Healthcare Consulting)
$105K — $150K *
Sellers Dorsey
Remote
Reposted Today
Security Engineer - Email Security
$72K — $158K *
CVS Health
Remote
Today
Relocate to SF: Software Engineer, Security
$120K — $160K *
Pylon Labs
San Francisco, CA 94112 (San Francisco County)
Yesterday
Security Engineer II
$100K — $130K *
SCS Global Services
Emeryville, CA 94608 (Alameda County)
2 days ago
Presales Solutions Engineer - Security
$120K — $230K *
SHI
Remote
5 days ago

Get Ready For Your
Next Interview

More Jobs at Benchling

Field Enablement Manager
$120K — $150K *
San Francisco, CA 94112 (San Francisco County)
3 days ago
Pharmaceuticals & Biotech
In-Person
Field Enablement Manager
$90K — $130K *
Boston, MA 02115 (Suffolk County)
3 days ago
Pharmaceuticals & Biotech
In-Person
Field Enablement Manager
$120K — $150K *
San Francisco, CA 94112 (San Francisco County)
3 days ago
Education, Government & Non-Profit
In-Person
Field Enablement Manager
$90K — $130K *
Boston, MA 02115 (Suffolk County)
3 days ago
Education, Government & Non-Profit
In-Person
Head of Scientific Development Solutions Engineering
$150K — $200K *
San Francisco, CA 94112 (San Francisco County)
5 days ago
Pharmaceuticals & Biotech
In-Person

More Enterprise Technology Jobs

Manager, Demo Engineering
$123K — $169K *
Seismic
Remote
Today
Director, Total Rewards
$130K — $180K *
Seismic
Remote
Today
Senior Global Sales Director
$150K — $170K *
Seismic
Remote
Today
Product Manager
$133K — $179K *
ModivCare
Remote
Today
Director, Hyperscalers
$248K — $302K *
RingCentral
Belmont, CA 94002 (San Mateo County)
Today

Find similar Enterprise Security Engineer jobs:

Nationwide San Francisco, CA

Enterprise Security Engineer

Job Overview by Ladders

Full Job Description

Get Ready For Your Next Interview

Find similar Enterprise Security Engineer jobs:

Get Ready For Your
Next Interview