Senior Security Engineer, Cloud

10x Genomics was founded to deliver powerful and reliable tools that fuel key scientific discoveries and drive exponential progress in our mastery of biology to advance human health. Our talented team has a distinguished record of creating innovative instruments, reagents, and software that analyze biological systems at a resolution that matches the complexity of biology.

About the role:

Our team is looking for a Cloud Security Engineer with extensive security and cloud knowledge to help drive 10x Genomics' efforts in creating and expanding our SaaS products and internal services. The engineer that we hire for this role is responsible for the overall security of the 10x Genomics cloud environments and works closely with software engineering and Site Reliability Engineers (SRE) to build and maintain a secure, resilient cloud platform.

As a Cloud Security Engineer, you will be the technical subject matter expert for cloud security, identity, and cloud based incident response. You will perform design reviews, architect secure cloud resources, and conduct technical security assessments to highlight risk and help engineering teams improve their security posture. You will be a security leader within the company, ensuring security is a foundational component of all our cloud services. This position requires deep technical knowledge across a range of disciplines and the ability to work hands-on across a wide variety of technology stacks.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment, we encourage you to apply.

What you will be doing

• Serve as the primary technical security resource on all cloud development, providing expert guidance on secure architecture and deployment.
• Architect, implement, and maintain a comprehensive cloud identity and access management (IAM) strategy, enforcing principles of least privilege, federation, and privileged access management.
• Create, review and update cloud-based IAM policies to make sure access policies are least privileged, properly scoped, and governed by version control (Terraform + GitHub)
• Lead and contribute to cloud security incident response activities, including detection, investigation, containment, eradication, and post-mortem analysis.
• Monitor security alerts and respond in a timely manner to address issues directly or in coordination with other teams.
• Periodically carry out threat modeling exercises, penetration tests, and security scanning to verify security posture and identify new attack surfaces.
• Identify, recommend, and assist with the remediation of cloud control deficiencies and security gaps.
• Create and maintain documentation for cloud security architecture, processes, standards, and runbooks.

Minimum Requirements

• Proven, extensive expertise in designing, building, and securing large-scale public cloud infrastructure (AWS preferred).
• Demonstrable experience leading or significantly contributing to cloud incident response efforts, including forensics and analysis.
• Expert-level understanding of identity and access management (IAM) concepts, including federation (SAML/OIDC), role-based access control (RBAC), and privileged access management (PAM) in a cloud context.
• Proficiency in at least one programming language, such as Python or Go.
• 5 years of experience in information security, with at least 3 years in Cloud Security
• Experience with Terraform,GitHub or similar for cloud infrastructure management.
• Experience with cloud and web application security standards (CIS benchmarks, OWASP ASVS, SANS 25, etc.)

Preferred Skills and Experience

• Experience with Cloud security products, such as GuardDuty, CloudTrail, IAM Access Analyzer, Wiz, and Security Hub.
• Experience with Infrastructure-as-Code tools, such as Terraform and Ansible.
• Experience with SIEM, SOAR, and vulnerability management products.
• Experience with container security (Docker, Kubernetes).
• In-depth technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
• Experience securing operating systems, networks, and low-level infrastructure.
• Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
• Excellent written and verbal communications skills.