Senior Security Engineer

Causaly is redefining how humans acquire knowledge and develop insights in biomedicine. Our AI-powered platform enables researchers and decision-makers to discover and interpret evidence from millions of scientific publications, clinical trials, regulatory documents, and other complex data sources in minutes.

We are building the world’s most advanced biomedical knowledge platform, powered by a high-precision Knowledge Graph and GenAI capabilities. Our technology is already used by leading biopharmaceutical organizations to accelerate drug discovery, improve safety, and drive better decision-making.

Backed by top-tier investors including ICONIQ, Index Ventures, Pentech, and Marathon, we are scaling rapidly and expanding our product suite and market presence. 

We are looking for a Senior or Staff Security Engineer to join our security team and own our vulnerability management program, collaborate with several Engineering and Product teams as a Security advisor and support SecOps. You will operate with a high degree of autonomy — defining strategy, building processes, and acting as a trusted security advisor to our engineering organisation.

• →

  Own the vulnerability management program end-to-end: strategy, tooling, prioritisation, and remediation tracking across dependencies, containers, and cloud environments.

• →

  Define and maintain a dependency security strategy, including policies for third-party library adoption and update cadence.

• →

  Integrate and maintain security tooling in CI/CD pipelines (SAST, SCA, secrets detection, container scanning).

• →

  Act as a security consultant to product and engineering squads — supporting design reviews, architecture decisions, and secure coding practices.

• →

  Define and maintain security standards and guidelines practical for development teams.

• →

  Manage and continuously improve the Security Champions program — growing security awareness and capability across engineering teams.

• →

  Support SecOps in incident triage and response, contributing security engineering context where needed.

• Strong knowledge of cloud security — IAM, network security, secure configuration best practices.

• Hands-on experience with security tooling in CI/CD pipelines (SAST, SCA, secrets scanning, container scanning).

• Proven experience in a vulnerability management role, through the entire lifecycle.

• Passionate and knowledgeable about using LLMs for building robust security practices, including triage, secure code review, threat analysis and tooling

• In-depth knowledge of secure coding practices in Node.js, TypeScript, Python, and/or React.

• Familiarity with security frameworks and standards (e.g. OWASP, NIST, CIS Benchmarks).

• Strong communication skills, with the ability to translate risk for both technical and non-technical audiences.

• Experience with Semgrep for static analysis and custom rule authoring.

• Experience with Wiz for cloud security posture management.

• Experience running or contributing to a Security Champions program.

• Experience with threat modelling (e.g. STRIDE).

• Familiarity with SOC 2 and ISO 27001.

• Relevant certifications are considered a plus (e.g. CISSP, IaaS specific certifications, etc..).