Senior Security Engineer, London London

Isomorphic Labs is applying frontier AI to help unlock deeper scientific insights, faster breakthroughs, and life‑changing medicines with an ambition to solve all disease. We drive breakthrough innovation in drug discovery, leveraging cutting‑edge AI models and high‑performance computing infrastructure.

Your impact

As a Senior Security Engineer, you will architect and manage the security of our groundbreaking ML‑based platform and High Performance Computing (HPC) infrastructure. This role requires a highly proactive problem‑solver who enjoys a fast‑paced environment and possesses the curiosity to dive into diverse technical challenges.

What you will do

• Secure Architecture and Product Engineering: Participate in the design and perform security reviews of our evolving AI platforms and underlying HPC infrastructure.
• Infrastructure as Code (IaC) Security: Partner with our DevOps / SRE team to harden our cloud infrastructure and network, ensuring security by design, automation and auditability through Policy as Code.
• Third Party Systems Secure Integration: Perform deep‑dive technical assessments of third‑party platforms, AI solutions, Cloud or SaaS providers and support secure integration or deployment.
• Secure CI/CD: Design and implement automated security controls within our CI/CD pipelines to ensure code is secure from commit to production without slowing down research velocity.
• Threat Modeling & Risk Assessment: Conduct proactive threat modeling and risk assessment, support teams in the implementation of remediation plan and audit expected outcomes.
• Incident Response: Act as a L2/L3 escalation point for the remediation of complex vulnerabilities and security incidents.
• Identity & Access Management: Implement our state‑of‑the‑art Zero Trust framework, ensuring robust access control and consistent enforcement of the principle of least privilege.
• Risk Management and Compliance Automation: Bridge the gap between technical controls and regulatory requirements (GDPR, GxP, EU AI Act) by automating evidence collection and risk posture monitoring (CSPM).
• Security Tooling Development: Build or integrate custom internal tools that automate repetitive security tasks, shifting our operational load from manual toil to scalable engineering.
• End‑to‑End Solution Delivery: Manage the full lifecycle of security controls, from initial user needs analysis and requirements gathering to structured testing and phased implementation and communication, ensuring high‑quality deployment followed by data‑driven continuous improvement.

Skills and qualifications

• Cloud Engineering Proficiency: Deep technical knowledge of cloud platform security (GCP preferred) including Network and VPC design, IAM policy construction, Cloud resources hardening and Cloud native security services.
• Analytical Risk Management and Problem Solving: Proficiency in assessing multi‑faceted risks and decomposing complex security issues into manageable tasks and providing data‑driven recommendations to stakeholders.
• Coding Skills: Ability to write small production‑grade code (e.g. in Python) and to automate security tasks, build custom tooling, etc.
• DevSecOps Tooling: Hands‑on experience with Infrastructure as Code (Terraform) and version control systems (GitHub) to manage security configurations.
• Container Security: Proven ability to secure containerised workloads (Kubernetes/Docker), focusing on image signing, runtime protection, and orchestration security.
• Network Security Fundamentals: Solid understanding of modern networking, including zero‑trust architecture, encryption in transit (TLS/mTLS), and API gateway security.
• Identities and Access Management: Proficiency in implementing a state‑of‑the‑art IAM strategy both from an organisational and technical standpoints in a multi‑tenant cloud environment.
• Collaborative Security Culture: Strong ability to support researchers in AI and Drug Discovery, leveraging excellent listening skills, to provide pragmatic advice that balances high‑security requirements with business agility.
• Adaptability & Communication: Excellent soft skills with the ability to navigate an ambiguous, high‑growth environment and explain technical risks to non‑security audiences.
• Offensive Mindset: Strong understanding of the MITRE ATT&CK framework and the ability to think like an adversary to identify "blind spots" in our defence.

Nice to have

• AI/ML Security Interest: Familiarity with the unique security challenges of an AI first company and other common AI solutions such as LLMs.
• Regulated Industry Experience: Prior experience working in BioTech, Pharma where data integrity and regulatory compliance are paramount.
• Advanced Security Certifications: Holding industry‑recognised credentials such as GSE, OSCP, CISSP or professional‑level Cloud Security Engineer certifications.
• Application Security (AppSec): Experience with SAST/DAST/SCA tools and a strong understanding of the OWASP Top 10 vulnerabilities.
• Zero Trust Implementation: Past success in transitioning an organisation away from traditional perimeter‑based security towards a mature Zero Trust model.
• SecOps Maturity: Experience building or scaling a Security Operations Centre (SOC) or a Modern Detection and Response (MDR) function.
• Collaboration Tool Mastery: Advanced experience securing and automating SaaS. In particular, Google Workspace, the Atlassian stack (Jira/Confluence), Slack.
• Bio‑Pharma Experience: Prior exposure to GxP validation, clinical trial data protections, or the nuances of Lab‑IT security.
• Privacy Engineering: Knowledge of PETs (Privacy Enhancing Technologies) like differential privacy or homomorphic encryption.

We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.