Benchling

Enterprise Security Engineer

Benchling · 3 weeks ago
Location: San Francisco, CA
Type: Full Time
Salary: USD 189,000 – 256,000
Level: Senior
Role: Enterprise Security Engineer
Posted: Jun 4, 2026


The role

Summary

Benchling is seeking an Enterprise Security Engineer to build a cutting-edge security program that leverages AI and automation to protect sensitive biotech research data. The ideal candidate will drive zero trust strategy, implement advanced identity and access management solutions, and help secure the company's innovative AI-powered scientific platform.

What you'll do

Zero Trust Strategy: Drive end-to-end zero trust strategy by integrating identity, device health, network context, and application sensitivity into continuous access decisions
Access Management: Design and maintain least-privilege access patterns, implement Just-in-Time (JIT) access, and manage Privileged Access Management (PAM) controls
Device Security: Deploy and maintain MDM infrastructure for macOS fleet, ensuring device compliance feeds directly into zero trust access policy decisions
Identity Governance: Enforce SSO policies, review and restrict OAuth scopes, and audit third-party integration access
Security Tooling: Build processes to detect shadow IT, unauthorized OAuth app grants, and develop AI-native security solutions to reduce analyst burden
AI Security Standards: Define and enforce security standards for AI agent and LLM service identities, including scoped API keys and workload identity federation
Compliance and Automation: Develop CIS/NIST-aligned configuration baselines and implement automation to reduce manual work

What we look for

Technical

Identity Management: Deep expertise in Identity Providers (preferably Okta), including SSO, SCIM, MFA, and Lifecycle Management
Zero Trust Architecture: Proven experience implementing continuous verification, device trust integration, and least-privilege enforcement
Identity Protocols: Strong working knowledge of SAML, OIDC, OAuth 2.0, and SCIM

Education

Cybersecurity: Bachelor's degree in Computer Science, Cybersecurity, or related technical field preferred

Experience

Security Engineering: 5+ years in security engineering or Identity and Access Management (IAM) focused roles
Cloud IAM: Foundational experience with cloud IAM across AWS, GCP, or Azure
Endpoint Management: Proficiency in managing macOS endpoints at scale using Fleet or equivalent MDM platform

Skills

Required skills

Python: Scripting proficiency, with ability to develop automation scripts
macOS Management: Hands-on experience with macOS endpoint management and security
Zero Trust: Practical implementation of zero trust security principles

Nice to have

ZTNA Platforms: Experience with Zero Trust Network Access platforms like Cloudflare Access, Zscaler, or Tailscale
AI Security: Experience in governing AI/ML service identities and securing LLM API integrations
Privileged Access Management: Familiarity with PAM solutions like HashiCorp Vault or AWS Secrets Manager

Compensation & benefits

Salary

USD 189,000 – 256,000 (annual)

Benefits

Hybrid Work

Flexible work arrangement with 3 days per week in-office collaboration

Diverse and Inclusive Environment

Commitment to diversity, equity, and inclusion in the workplace


Interview process

  1. AI-Focused Exercise: Candidates will complete a brief AI-focused exercise or discussion to demonstrate AI thinking and application
