Benchling

Enterprise Security Engineer

Location

Remote, US

Workplace

Remote

Type

Full Time

Salary

USD 176,000 – 300,000

Level

Senior

Role

Security Engineer

Posted

May 12, 2026


The role

Summary

Enterprise Security Engineer at Benchling, a leading AI-powered biotech R&D platform, responsible for designing and implementing zero trust architecture, identity and access management, and privileged access controls. This Senior role requires 5+ years of security engineering expertise with deep hands-on experience in IdP platforms like Okta, zero trust implementation, cloud IAM, and macOS MDM management. You'll drive security automation initiatives, define AI service identity standards, and work across technical and non-technical stakeholders to reduce manual security toil while protecting some of the world's most sensitive biotech research data.

What you'll do

Zero Trust Architecture Strategy: Lead the organization's end-to-end zero trust strategy by treating identity, device health, network context, and application sensitivity as continuous inputs to access decisions. Move beyond one-time authentication gates to implement continuous verification and real-time risk assessment across the entire enterprise infrastructure.
Identity and Access Management: Design and maintain least-privilege access patterns, Just-in-Time (JIT) access provisioning, and Privileged Access Management (PAM) controls. Implement RBAC and ABAC frameworks that align with organizational security posture and operational efficiency requirements.
macOS Mobile Device Management: Deploy, configure, and maintain MDM infrastructure for the macOS fleet using platforms like Fleet. Ensure device compliance and health metrics integrate directly into zero trust access policy decisions, creating a seamless security and productivity experience.
SSO and OAuth Management: Enforce Single Sign-On (SSO) required policies across all organizational systems. Review and restrict OAuth scopes, audit third-party integration access, and maintain a comprehensive inventory of authorized integrations with regular access reviews.
Shadow IT and Unauthorized Access Detection: Build processes and tooling to detect shadow IT usage, unauthorized OAuth app grants, and SaaS tools that bypass identity controls. Implement monitoring and alerting to identify risky applications and develop remediation workflows.
AI-Native Security Tooling Evaluation: Evaluate and deploy AI-native security tools where they demonstrably reduce security analyst burden, close coverage gaps faster than traditional approaches, or provide superior detection capabilities. Assess business value and integration complexity before implementation.
AI and LLM Service Identity Security: Define and enforce security standards for AI agent and LLM service identities including scoped API keys, short-lived credentials, and workload identity federation. Establish governance frameworks that enable innovation while maintaining principle of least privilege.
Security Baseline Development: Develop and enforce CIS and NIST-aligned configuration baselines across endpoints, cloud infrastructure, and applications. Maintain baseline documentation, conduct regular compliance audits, and establish deviation tracking and remediation processes.
Automation and Manual Toil Reduction: Meaningfully reduce manual security toil through intelligent automation and AI-assisted tooling. Identify repetitive tasks, build scalable solutions using scripting and infrastructure-as-code approaches, and measure time and cost savings from automation initiatives.

What we look for

Technical

Identity Provider (IdP) Expertise: 5+ years with deep, hands-on IdP platform expertise, preferably Okta. Demonstrate mastery across SSO implementation, SCIM provisioning, multi-factor authentication (MFA) deployment, user lifecycle management, and Non-Human Identity (NHI) management at scale.
Zero Trust Architecture Implementation: Demonstrated practical experience implementing zero trust architecture end-to-end, not just theoretical knowledge. Evidence of successful deployment of continuous verification, device trust integration, and least-privilege enforcement across organizational infrastructure.
Identity Protocol Proficiency: Strong working knowledge of SAML 2.0, OpenID Connect (OIDC), OAuth 2.0, and SCIM protocols. Ability to troubleshoot integration issues, validate security configurations, and optimize token handling and scope management.
macOS MDM Management: Proficiency managing macOS endpoints at scale using Fleet or an equivalent Mobile Device Management platform. Experience with device compliance, configuration profiles, vulnerability patching, and integration with identity systems.
Cloud IAM Experience: Foundational cloud identity and access management experience with at least one major provider (AWS IAM, Google Cloud IAM, or Azure AD/Entra). Ability to audit, scope, and remediate identity issues in cloud environments, including role design and assume-role policies.
Scripting and Automation: Scripting proficiency in at least one programming language, preferably Python. Demonstrated track record of building automation that eliminated recurring manual work, reduced mean time to remediation, or improved security coverage.
Operating Systems Fundamentals: Strong understanding of operating system fundamentals across macOS, Linux, and Windows, including authentication mechanisms, permission models, process management, and system hardening techniques relevant to endpoint security.

Education

Bachelor's Degree: Bachelor's degree in Computer Science, Information Security, Computer Engineering, or a related field. Equivalent professional experience in security engineering with demonstrated expertise may be considered in lieu of a formal degree.
Security Certifications: Relevant industry certifications such as CISSP, CISM, CEH, or identity-focused certifications are valued. Okta certifications (Certified Administrator or Consultant) demonstrate specialized expertise in required platforms.

Experience

Security Engineering or IAM Role: 5+ years of professional experience in security engineering, identity and access management (IAM), or closely related security infrastructure roles. Evidence of progressive responsibility and impact in implementing enterprise-grade security controls.
Enterprise Access Control Implementation: Hands-on experience implementing and managing enterprise access control systems across multiple organizational units, cloud environments, and technology stacks. Demonstrated ability to balance security requirements with operational efficiency.
Privileged Access Management: Practical experience designing and operating Privileged Access Management (PAM) systems, including credential management, just-in-time access provisioning, and audit logging. Understanding of attack vectors and protection mechanisms.
Cross-Functional Stakeholder Engagement: Demonstrated ability to communicate security concepts effectively with both highly technical teams and non-technical business stakeholders. Experience translating security requirements into business value propositions and building internal security awareness.

Skills

Required skills

Okta Administration and Configuration: Expert-level ability to design, configure, and operate the Okta identity platform, including SSO, adaptive authentication, app integration, user provisioning via SCIM, and troubleshooting authentication failures.
Zero Trust Security Framework: Deep understanding of zero trust principles, including continuous verification, the principle of least privilege, microsegmentation, and risk-based access control. Ability to operationalize zero trust across infrastructure, applications, and users.
Identity and Access Management (IAM): Comprehensive expertise in modern IAM, including identity governance, access provisioning, deprovisioning, segregation of duties (SoD) enforcement, and compliance mapping to regulatory requirements.
Endpoint Management and Mobile Device Management: Hands-on experience deploying, configuring, and managing MDM solutions like Fleet. Ability to create compliance policies, distribute security configurations, monitor device health, and integrate endpoint data into security decisions.
Cloud Identity and Access Management: Proficiency with cloud IAM services, including AWS Identity and Access Management (IAM), Google Cloud Identity and Access Management (IAM), or Microsoft Entra ID. Ability to design least-privilege roles, manage service accounts, and audit cloud permissions.
Python Scripting and Automation: Intermediate to advanced Python proficiency for building security automation scripts, API integrations, log analysis tools, and workflow automation. Ability to leverage libraries and APIs to accelerate security operations.
OAuth 2.0 and SAML Integration: Strong technical understanding of the OAuth 2.0 and SAML 2.0 protocols. Ability to design secure integrations, identify and prevent common vulnerabilities like token replay and scope creep, and audit third-party application access.
Security Audit and Compliance Assessment: Experience conducting security audits, performing access reviews, identifying control gaps, and mapping configurations to frameworks like CIS Benchmarks, the NIST Cybersecurity Framework, and SOC 2 requirements.

Nice to have

Zero Trust Network Access (ZTNA) Platforms: Hands-on experience deploying and operating Zero Trust Network Access (ZTNA) solutions such as Cloudflare Access, Zscaler Private Access, or Tailscale. Understanding of operational patterns around VPN replacement and identity-aware network segmentation.
AI Coding Assistants: Hands-on experience using AI-powered coding assistants such as GitHub Copilot, Claude, or Cursor to accelerate development velocity, improve code quality, and reduce time spent on repetitive coding tasks.
AI and ML Service Identity Governance: Experience governing identity and access for AI agents, machine learning services, or Language Model (LLM) API integrations. Understanding of the unique security challenges posed by AI workloads and appropriate control mechanisms.
Privileged Access Management (PAM) Solutions: Hands-on experience with PAM platforms such as HashiCorp Vault, AWS Secrets Manager, or Okta Privileged Access. Understanding of secrets rotation, audit logging, and credential issuance for privileged identities.
Okta Certification: Okta Certified Administrator (OCA) or Okta Certified Consultant (OCC) certification demonstrating advanced expertise in Okta platform architecture, configuration, and troubleshooting.
Security Compliance Frameworks: Experience implementing and maintaining compliance with frameworks such as SOC 2, ISO 27001, HIPAA, or FDA regulations. Understanding of documentation, evidence collection, and audit preparation.
Threat Detection and Incident Response: Background in security operations, threat detection, or incident response. Ability to design logging strategies, interpret security signals, and correlate indicators of compromise to identify unauthorized access attempts.

Compensation & benefits

Salary

USD 176,000 – 300,000 (annual)

Stock options

Available

Benefits

Equity Compensation

Competitive stock option grants that vest over four years with a one-year cliff, providing meaningful upside participation as Benchling continues its growth trajectory in the AI-driven biotech space.

Comprehensive Health Insurance

Medical, dental, and vision insurance plans for employees and dependents with employer contributions designed to maximize coverage while minimizing out-of-pocket costs.

Retirement Planning

401(k) retirement plan with employer matching contributions to help employees build long-term wealth and financial security.

Flexible Time Off

Flexible paid time off policy allowing employees to balance work and personal commitments while maintaining productivity and engagement with high-impact projects.

Professional Development and Learning

Budget for professional development, security certifications (such as CISSP or Okta certifications), conference attendance, and training programs to stay current with evolving security threats and technologies.

Mental Health and Wellness

Access to mental health resources, wellness programs, meditation apps, and fitness benefits to support employee wellbeing and work-life balance.

Parental Leave

Generous parental leave policies supporting both birth and adoptive parents in balancing career and family responsibilities.

Work Environment and Tools

Stipends for home office equipment, collaboration tools, and technology to create a comfortable and productive work environment whether working remotely or in the office.
