Natera
Lead Security Engineer
Natera, San Carlos, California, 94071
Lead Security Engineer, Product Security POSITION SUMMARY We are looking for a highly skilled and motivated Lead Application Security Engineer to join our security team at Natera. This position is a highly visible, business-facing, and hands-on role. The ideal candidate will be responsible for ensuring the security of our applications through the identification of vulnerabilities, implementation of security measures, and promotion of best practices across the development lifecycle. This role requires expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration test, vulnerability management, WAF, API security, and ideally, a strong understanding of application security compliance standards such as OWASP, SOC2, NIST, HIPAA, and FDA Cybersecurity Guidelines. You will lead, build, and maintain the application security initiatives, including security architecture, security testing, and related security compliances for the Natera market segment. Additionally, you will lead the product security policies, strategies, and activities, as well as interact with product and engineering teams through the security champion program. You will collaborate with senior-level leaders and key stakeholders on matters that often require the coordination of activity across organizational lines to build and maintain robust and scalable enterprise security solutions. PRIMARY RESPONSIBILITIES: Lead, build, and maintain the application security initiatives, including security architecture, security testing, vulnerability management, and security champion program Develop and enforce product security policies, reference architectures, procedures, and standards in compliance with SOC2, FDA Cybersecurity Guidelines, NIST, HIPAA, and other relevant regulations Conduct security assessments, including SAST, DAST, pen test, to identify vulnerabilities in applications Expert hands on experiences in WAF, API Security in complex enterprise environments Collaborate with development teams to integrate security practices into the secure software development lifecycle (SDLC) Lead the product security strategies and activities, ensuring alignment with business objectives. Perform penetration testing and simulate attacks to identify potential security weaknesses. Monitor and respond to security incidents, providing timely analysis and resolution. Stay up-to-date with the latest security trends, vulnerabilities, and technologies Provide training and guidance to developers on secure coding practices Participate in the design and architecture of secure applications and systems Assist in compliance efforts and audits related to application security, including preparation of necessary documentation Interact with senior-level leaders and key stakeholders to coordinate activities across organizational lines and maintain robust and scalable enterprise business solutions Keep track of new regulations, industry best practices, and implement continuous improvement on an ongoing basis Collaborate with Information Security, Engineering and product teams to create, maintain and deliver an overall compliance/certifications roadmap Collaborate with Technical Program Management and Engineering, and help drive the development of standardized processes and procedures to assure product security requirements are accounted for in New Product Introduction (NPI), New Feature Introduction (NFI), and acquisition activities Requirements Bachelor's degree in Computer Science, Information Security, or a related field 10 years of experience in application security or a related role Strong knowledge of security principles, vulnerabilities, and remediation techniques Experience with SAST and DAST tools such as OWASP ZAP, Burp Suite, Checkmarx, Veracode, or similar Proficiency in programming languages such as Java, C#, Python, or JavaScript Familiarity with web application security standards (e.g., OWASP Top Ten) Understanding of compliance standards such as SOC2, FDA Cybersecurity Guidelines, NIST, and how they apply to application security Excellent analytical and problem-solving skills Strong communication skills and the ability to work collaboratively in a team environment. Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus Strong analytical abilities to make data-based and strategic value-driven business decisions, including the ability to make reasoned decisions in the face of uncertainty or imperfect data Strong technical background and communication skills are highly preferred The pay range is listed and actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations. Remote USA $172,400-$215,450 USD OUR OPPORTUNITY Natera™ is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women's health, and organ health. Our aim is to make personalized genetic testing and diagnostics part of the standard of care to protect health and enable earlier and more targeted interventions that lead to longer, healthier lives. The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other. When you join Natera, you'll work hard and grow quickly. Working alongside the elite of the industry, you'll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management. WHAT WE OFFER Competitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents. Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits. Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more. We also offer a generous employee referral program For more information, visit www.natera.com. Natera is proud to be an Equal Opportunity Employer. We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives. Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide. All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status. We also consider qualified applicants regardless of criminal histories, consistent with applicable laws. If you are based in California, we encourage you to read this important information for California residents. Link: https://www.natera.com/notice-of-data-collection-california-residents/ Please be advised that Natera will reach out to candidates with a natera.com email domain ONLY. Email communications from all other domain names are not from Natera or its employees and are fraudulent. Natera does not request interviews via text messages and does not ask for personal information until a candidate has engaged with the company and has spoken to a recruiter and the hiring team. Natera takes cyber crimes seriously, and will collaborate with law enforcement authorities to prosecute any related cyber crimes. For more information: - BBB announcement on job scams - FBI Cyber Crime resource page