Enterprise Security Engineer

Benchling • $120K — $150K *

US-AnywhereRemote in United States

Enterprise Technology

5 - 7 years of experience

3 weeks ago

By clicking Apply, I agree with Ladders' Terms of Use and Privacy Policy

Job Overview by Ladders

Qualifications

5+ years in security engineering or IAM-focused role
Hands-on expertise with IdP, preferably Okta, covering SSO and MFA
Experience with implementing zero trust architecture practically
Strong knowledge of identity protocols: SAML, OIDC, OAuth 2.0
Proficiency in managing macOS endpoints using MDM platforms
Foundational cloud IAM experience with AWS, GCP, or Azure
Demonstrated ability in building automation to reduce manual tasks
Scripting skills in Python or similar language

Responsibilities

Drive the zero trust strategy, integrating identity and device health continuously
Design least-privilege access patterns and privileged access management controls
Deploy and maintain MDM infrastructure for macOS, ensuring compliance with policies
Enforce SSO policies and audit third-party access for OAuth scopes
Build tools to detect shadow IT and unauthorized app grants
Evaluate AI-native security tools to enhance efficiency and security coverage
Define security standards for AI agents, focusing on secure credentials management
Develop configuration baselines aligned with CIS/NIST standards
Reduce manual work through automation and AI tooling

Benefits

Opportunity to build a best-in-class security program from scratch
Focus on real-world security applications and use of automation and AI
Work in a dynamic environment with a mission-driven approach
Engage in hands-on delivery of cutting-edge security strategies
Collaborate with both technical and non-technical teams

Full Job Description

ROLE OVERVIEW

As an Enterprise Security Engineer at Benchling you'll be joining a team responsible for building a best-in-class security program from the ground up. Our focus is on providing value to the organization by emphasizing real world security and embracing automation and AI. We're looking for engineers who are excited to apply their expertise to our mission of securing some of society's most sensitive data.

RESPONSIBILITIES

Drive the organization's zero trust strategy end to end - treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions rather than one-time gates
Design and maintain least-privilege access patterns, Just-in-Time (JIT) access, and Privileged Access Management (PAM) controls
Deploy, configure, and maintain MDM infrastructure for the macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
Enforce SSO-required policies, review and restrict OAuth scopes, and audit third-party integration access
Build processes and tooling to detect shadow IT, unauthorized OAuth app grants, and SaaS tools that bypass identity controls
Evaluate and deploy AI-native security tooling where it demonstrably reduces analyst burden or closes coverage gaps faster than traditional approaches
Define and enforce security standards for AI agent and LLM service identities - including scoped API keys, short-lived credentials, and workload identity federation
Develop and enforce CIS/NIST-aligned configuration baselines
Meaningfully reduce manual toil through automation and, where applicable, AI-assisted tooling

QUALIFICATIONS

5+ years in a security engineering or IAM-focused role
Deep, hands-on IdP expertise (preferably Okta) - SSO, SCIM, MFA, Lifecycle Management, and NHI management are all areas you can speak to with depth and demonstrate in practice
Demonstrated experience implementing zero trust architecture in practice - not just familiarity with the framework, but hands-on delivery of continuous verification, device trust integration, and least-privilege enforcement across an organization
Strong working knowledge of identity protocols: SAML, OIDC, OAuth 2.0, and SCIM
Proficiency managing macOS endpoints at scale using Fleet or an equivalent MDM platform
Foundational cloud IAM experience across at least one major provider (AWS, GCP, or Azure) - enough to audit, scope, and remediate identity issues
Demonstrated track record of building automation that eliminated recurring manual work
Scripting proficiency in in at least one language, preferably Python
Excellent communication skills, with the ability to engage effectively with both technical teams and non-technical stakeholders.
Strong understanding of operating systems fundamentals (MacOS/Linux/Windows)

Preferred

Experience with ZTNA platforms (Cloudflare Access, Zscaler Private Access, Tailscale, or similar) and the operational patterns around replacing VPN with identity-aware access
Hands-on use of AI coding assistants (Copilot, Claude, Cursor, or similar) to increase velocity
Experience governing AI/ML service identities or securing LLM API integrations
Familiarity with PAM solutions such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access
Okta Certified Administrator, Okta Certified Consultant, or equivalent certification

#LI-CG1

About Benchling

Benchling is a cloud-based informatics platform that accelerates life sciences R&D by streamlining workflows and centralizing data. The platform offers a suite of applications for molecular biology, including DNA design, antibody design, CRISPR analysis, and protein expression. Benchling's customers include pharmaceutical companies, biotechs, and academic institutions. The company was founded in 2012 and is headquartered in South San Francisco, California.

Learn more about Benchling

Size

500 employees

Industry

Pharmaceuticals & Biotech

Founded

2012

* Ladders Estimates

Similar Jobs

Data Loss Prevention Engineer
$88K — $165K *
Bank of Montreal
Chicago, IL 60629 (Cook County)
Today
Data Loss Prevention Engineer
$82K — $154K *
Bank of Montreal
Toronto, ON M3C 0E3
Today
PIM/PAM Engineer
$110K — $135K *
Capgemini
San Antonio, TX 78228 (Bexar County)
Today
Lead Security Engineer - IOT Asset Intelligence
$120K — $150K *
JP Morgan Chase & Co.
Mclean, VA 22101 (Fairfax County)
Today
Cyber Security Engineer
$90K — $120K *
Clarivate Analytics Plc
Kansas City, KS 66102 (Wyandotte County)
Reposted Today
Cyber Security Engineer
$90K — $120K *
Clarivate Analytics Plc
Kansas City, MO 64118 (Clay County)
Reposted Today

Get Ready For Your
Next Interview

More Jobs at Benchling

Product Support Analyst
$100K — $130K *
San Francisco, CA 94112 (San Francisco County)
Reposted Yesterday
Pharmaceuticals & Biotech
In-Person
Enterprise Security Engineer
$130K — $180K *
San Francisco, CA 94112 (San Francisco County)
2 days ago
Enterprise Technology
In-Person
Field Enablement Manager
$120K — $150K *
San Francisco, CA 94112 (San Francisco County)
5 days ago
Pharmaceuticals & Biotech
In-Person
Field Enablement Manager
$90K — $130K *
Boston, MA 02115 (Suffolk County)
5 days ago
Pharmaceuticals & Biotech
In-Person
Field Enablement Manager
$120K — $150K *
San Francisco, CA 94112 (San Francisco County)
5 days ago
Education, Government & Non-Profit
In-Person

More Enterprise Technology Jobs

Director, Applied AI
$176K — $294K *
Pfizer
New York City, NY 10025 (New York County)
Today
Senior Director, Applied AI - US Commercial
$214K — $358K *
Pfizer
New York City, NY 10025 (New York County)
Today
Senior Enterprise Data Risk Oversight Manager
$120K — $150K *
Truist Financial
Richmond, VA 23223 (Richmond City County)
Today
Senior Business Systems Analyst- EPM Cloud
$90K — $120K *
GE Appliances
Louisville, KY 40214 (Jefferson County)
Today
Senior Cloud Engineer
$100K — $130K *
GE Appliances
Louisville, KY 40214 (Jefferson County)
Today

Find similar Enterprise Security Engineer jobs:

Nationwide Remote

Enterprise Security Engineer

Job Overview by Ladders

Full Job Description

Get Ready For Your Next Interview

Find similar Enterprise Security Engineer jobs:

Get Ready For Your
Next Interview