Senior Security Engineer

Isomorphic Labs is applying frontier AI to help unlock deeper scientific insights, faster breakthroughs, and life‑changing medicines with an ambition to solve all disease. Come and be part of an interdisciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring and collaborative culture.

About Iso

Isomorphic Labs (IsoLabs) was launched in 2021 to advance human health by building on and beyond the Nobel‑winning AlphaFold system. Since then, our interdisciplinary team of drug discovery experts and machine learning specialists has built powerful new predictive and generative AI models that accelerate scientific discovery at digital speed. Our name comes from the belief that there is an underlying symmetry between biology and information science. By harnessing AI's powerful capabilities, we can use it to model complex biological phenomena to help design novel molecules, anticipate how drugs will perform and develop innovative medicines to treat and cure some of the world's most devastating diseases. We have built a world‑leading drug design engine comprising AI models that are capable of working across multiple therapeutic areas and drug modalities. We are continually innovating on model architecture and developing cutting‑edge capabilities to advance rational drug design. Every day, and with each new breakthrough, we're getting closer to the promise of digital biology, and achieving our ambitious mission to one day solve all disease with the help of AI.

Your impact

As a Senior Security Engineer, you will architect and manage the security of our groundbreaking ML‑based platform and High Performance Computing (HPC) infrastructure. This role requires a highly proactive problem‑solver who enjoys a fast‑paced environment and possesses the curiosity to dive into diverse technical challenges. You will act as a versatile, T‑shaped engineer, overseeing security solutions from initial requirement gathering to final implementation. By combining deep technical know‑how with strong collaborative skills, you will ensure our security posture evolves as quickly as our research, managing the end‑to‑end lifecycle of our defense systems.

What you will do

• Secure Architecture and Product Engineering: Participate in the design and perform security reviews of our evolving AI platforms and underlying HPC infrastructure.
• Infrastructure as Code (IaC) Security: Partner with our DevOps / SRE team to harden our cloud infrastructure and our network, ensuring security by design, automation and auditability through Policy as Code.
• Third Party Systems Secure Integration: Perform deep‑dive technical assessments of third‑party platforms, AI solutions, Cloud or SaaS providers and support secure integration or deployment.
• Secure CI/CD: Design and implement automated security controls within our CI/CD pipelines to ensure code is secure from commit to production without slowing down research velocity.
• Threat Modeling & Risk Assessment: Conduct proactive threat modeling and risk assessment, support teams in the implementation of remediation plan and audit expected outcomes.
• Incident Response: Act as a L2/L3 escalation point for the remediation of complex vulnerabilities and security incidents.
• Identity & Access Management: Implement our state‑of‑the‑art Zero Trust framework, ensuring robust access control and consistent enforcement of the principle of least privilege.
• Risk Management and Compliance Automation: Bridge the gap between technical controls and regulatory requirements (GDPR, GxP, EU AI Act) by automating evidence collection and risk posture monitoring (CSPM).
• Security Tooling Development: Build or integrate custom internal tools that automate repetitive security tasks, shifting our operational load from manual toil to scalable engineering.
• End‑to‑End Solution Delivery: Manage the full lifecycle of security controls, from initial user needs analysis and requirements gathering to structured testing and phased implementation and communication, ensuring high‑quality deployment followed by data‑driven continuous improvement.

Skills and qualifications

Essential

• Cloud Engineering Proficiency: Deep technical knowledge of cloud platform security (GCP preferred) including Network and VPC design, IAM policy construction, Cloud resources hardening and Cloud native security services.
• Analytical Risk Management and Problem Solving: Proficiency in assessing multi‑faced risks and decomposing complex security issues into manageable tasks and providing data‑driven recommendations to stakeholders.
• Coding Skills: Ability to write small production‑grade code (e.g. in Python) and to automate security tasks, build custom tooling, etc.
• DevSecOps Tooling: Hands‑on experience with Infrastructure as Code (Terraform) and version control systems (GitHub) to manage security configurations.
• Container Security: Proven ability to secure containerized workloads (Kubernetes/Docker), focusing on image signing, runtime protection, and orchestration security.
• Network Security Fundamentals: Solid understanding of modern networking, including zero‑trust architecture, encryption in transit (TLS/mTLS), and API gateway security.
• Identities and Access Management: Proficiency in implementing a state of the art IAM strategy both from an organisational and technical standpoints in a multi‑tenant cloud environment.
• Collaborative Security Culture: Strong ability to support researchers in AI and Drug Discovery, leveraging excellent listening skills, to provide pragmatic advice that balances high‑security requirements with business agility.
• Adaptability & Communication: Excellent soft skills with the ability to navigate an ambiguous, high‑growth environment and explain technical risks to non‑security audiences.
• Offensive Mindset: Strong understanding of the MITRE ATT&CK framework and the ability to think like an adversary to identify blind spots in our defense.

Nice to have

• AI/ML Security Interest: Familiarity with the unique security challenges of an AI first company and other common AI solutions such as LLMs.
• Regulated Industry Experience: Prior experience working in BioTech, Pharma where data integrity and regulatory compliance are paramount.
• Advanced Security Certifications: Holding industry‑recognized credentials such as GSE, OSCP, CISSP or professional‑level Cloud Security Engineer certifications.
• Application Security (AppSec): Experience with SAST/DAST/SCA tools and a strong understanding of the OWASP Top 10 vulnerabilities.
• Zero Trust Implementation: Past success in transitioning an organization away from traditional perimeter‑based security toward a mature Zero Trust model.
• SecOps Maturity: Experience building or scaling a Security Operations Center (SOC) or a Modern Detection and Response (MDR) function.
• Collaboration Tool Mastery: Advanced experience securing and automating SaaS. In particular, Google Workspace, the Atlassian stack (Jira/Confluence), Slack.
• Bio‑Pharma Experience: Prior exposure to GxP validation, clinical trial data protections, or the nuances of Lab‑IT security.
• Privacy Engineering: Knowledge of PETs (Privacy Enhancing Technologies) like differential privacy or homomorphic encryption.

Culture and values

Thoughtful: Thoughtful at Iso is about curiosity, creativity and care. It is about good people doing good, rigorous and future‑making science every single day.

Brave: Brave at Iso is about fearlessness, but it's also about initiative and integrity. The scale of the challenge demands nothing less.

Determined: Determined at Iso is the way we pursue our goal. It's a confidence in our hypothesis, as well as the urgency and agility needed to deliver on it.

Together: Together at Iso is about connection, collaboration across fields and catalytic relationships. It's knowing that transformation is a group project, and remembering that what we're doing will have a real impact on real people everywhere.

Creating an extraordinary company

We believe that to be successful we need a team with a range of skills and talents. We're building an environment where collaboration is fundamental, learning is shared and every employee feels supported and able to thrive. We value unique experiences, knowledge, backgrounds, and perspectives, and harness these qualities to create extraordinary impact.

Hybrid working

It's hugely important for us to share knowledge and build strong relationships with each other, and we find it easier to do this if we spend time together in person. This is why we follow a hybrid model, and would require you to be able to come into the office 3 days a week (currently Tuesday, Wednesday, and one other day depending on which team you're in). If you have additional needs that would prevent you from following this hybrid approach, we'd be happy to talk through these if you're selected for an initial screening call.

We are committed to equal employment opportunities regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy or related condition (including breastfeeding) or any other basis protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.