Principal Security & Infrastructure Engineer

Profluent is seeking a Principal Infrastructure & Security Engineer to serve as the primary owner of Profluent’s security posture across scientific systems, lab automation environments, cloud and business infrastructure, endpoints, identity systems, and core operational workflows.

This person will be accountable for the design, implementation, operation, and continuous improvement of the technical controls, security standards, and operating practices that protect Profluent’s systems and data. This includes security architecture, access controls, hardening, monitoring, incident readiness, vendor and customer security assurance, and the systems and evidence required to achieve and maintain compliance commitments.

This is not a narrow compliance-only or infrastructure-only role. It is a broad ownership role for security across Profluent’s environments, with close partnership across Operations, Machine Learning, Bioinformatics, and Lab Automation.

• →Own Profluent’s overall security and compliance posture across company systems, scientific computing, lab automation, endpoints, identity, SaaS, cloud infrastructure, networking, and data-handling workflows, and be accountable for the ongoing maturity of security controls and practices across those environments
• →Lead the implementation and operational maturity work required for Profluent to achieve and maintain SOC 2 and related compliance certification requirements, including control operation, evidence collection, monitoring, and repeatable processes
• →Serve as the primary owner for security and compliance readiness across company systems, ensuring that Profluent can meet ongoing audit, certification, and customer assurance requirements over time 
• →Own the translation of customer agreements, internal policies, and compliance requirements into concrete technical and operational controls
• →Standardize and harden bioinformatics, lab informatics, and machine learning environments to align with security, reliability, and compliance requirements
• →Define and drive adoption of secure baseline configurations, access controls, logging, backup practices, patching standards, and change management processes
• →Own and evolve how Profluent approaches security more broadly, identifying gaps, prioritizing risks, and driving improvements beyond minimum compliance scope
• →Drive standardization of Windows-based lab automation environments, balancing security, uptime, vendor constraints, and usability in laboratory settings
• →Collaborate with stakeholders to document controls, system boundaries, standard operating procedures, and technical evidence needed for audits, certification efforts, and customer reviews
• →Support vendor and platform evaluations related to security, observability, endpoint management, and infrastructure operations
• →Improve identity, access, and account lifecycle management across company systems, including onboarding, offboarding, least-privilege access, and periodic access review support 
• →Monitor key systems and respond to operational issues with an emphasis on root-cause analysis and durable remediation
• →Maintain asset, system, and environment documentation so that critical processes are auditable, supportable, and repeatable

• Experience operating with broad ownership across infrastructure, security, and compliance in regulated, audit-conscious, or security-sensitive environments
• Experience serving as the most senior or primary security owner in a startup or scaling environment, even without a large dedicated security team
• Breadth across infrastructure security, corporate security, IAM, endpoint management, logging and monitoring, vulnerability reduction, incident response, vendor risk, and compliance
• Demonstrated ability to take ownership in ambiguous environments and set direction, not just execute within a narrowly defined specialty
• Familiarity with Windows-based lab automation systems and the realities of instrument-connected or vendor-managed environments
• Experience implementing or operating against security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, or similar
• Strong understanding of identity and access management, SSO, MFA, endpoint management, logging, patching, vulnerability reduction, and system hardening
• Ability to translate compliance and contractual data-handling requirements into concrete technical and operational controls
• Strong documentation skills, with the ability to create policies, procedures, standards, and technical runbooks that others can follow
• Experience preparing organizations for, achieving, or maintaining external compliance certifications or audit readiness
• Experience with infrastructure as code and/or configuration management tools such as Terraform, Ansible, or equivalent
• Experience administering Windows environments, preferably including systems used in laboratory, automation, manufacturing, or instrument-connected settings

• Familiarity with audit evidence preparation, control testing, and coordination with external auditors
• Familiarity with networking fundamentals including firewalls, routing, VLANs, NAT, VPNs, and secure remote access
• Experience influencing cross-functional teams and improving organizations mature security practices without relying on rigid bureaucracy

Applicants must have ongoing work authorization in the United States that does not require employer sponsorship. Sponsorship will not be provided now or at any time in the future for this position.

Legal authorization to work in the United States is required. In compliance with federal law, all persons hired must verify their identity and work eligibility and complete the required employment verification form upon hire.