Security & Compliance Engineer
About the Client
Our client is the leading research data platform that’s transforming the way biomedical and imaging data are managed at leading life sciences, clinical, and academic institutions globally.
The client provides a comprehensive research data solution with all the tools needed for curation, imaging processing, machine learning workflows, and secure collaboration. By leveraging cloud scalability and automating research workflows, they help organizations scale research data and analysis, improve scientific collaboration, and accelerate discoveries.
Role Overview
We are seeking a talented Security & Compliance Engineer to join our client's passionate team of engineers and scientists. They are creating a world-class data sharing and distributed computing platform serving biomedical imaging and life sciences research. The Scientific Solutions Engineering (SSE) team expands the client's features and provides value to their customers by developing innovative solutions, such as custom integrations, toolkits, and Gears.
Successful applicants will have a desire to make positive contributions to the biomedical and life sciences communities they serve and a passion for problem-solving, elevating others around them, and delivering quality results on time. This role requires a strong development background and knowledge of the technologies in use by the team, including Python, Docker, Git, unit and integration testing, and CI/CD, with a specific focus on security, compliance, and NIST 800-53 requirements.
In addition to security and compliance‐focused work, this role may also contribute to the ongoing maintenance and evolution of SSE‐developed Gears and integrations, including reliability, performance, and feature improvements.
This role emphasizes the use of AI‐assisted tooling to accelerate secure development, compliance validation, and ongoing maintenance. The ideal candidate is comfortable leveraging AI systems for code analysis, control mapping, documentation support, and continuous security improvement.
Environment
The SSE team operates as a remote-first, pod-based organization delivering custom solutions for customers in the neuroimaging research space. You will work alongside Solutions Architecture, Product, Engineering, Implementations, and Support teams. The client is highly responsive to customer needs and constantly strives to make a positive contribution to the biomedical and life sciences communities they serve.
They develop best practices for collaborative processes between engineers, the technical operations team, R&D, the SSE team, and the customer. Team members are recognized and rewarded when advocating for customer success, scientific rigor, and reproducible methods above other concerns. They value self-motivated, creative individuals who work well in a collaborative environment, constantly generating and sharing new ideas and innovative solutions with the team.
The team consists of highly skilled engineers and researchers who actively write code, many of whom hold PhDs and have deep backgrounds in scientific research.
Requirements:
- Bachelor’s or master’s degree in computer science, engineering, or a related field.
- 5+ years of experience in software engineering, solutions engineering, or related technical roles.
- Strong software development skills with a proven track record of writing secure, high-quality code and unit tests.
- Solid proficiency with Python, Docker, and Bash.
- Experience with secure software development practices and vulnerability remediation.
- Experience with continuous integration and continuous development (CI/CD), including security scanning and validation.
- Experience working with software development tools such as Git and JIRA (or other issue management software).
- Familiarity with REST APIs, SDKs, and service-based architectures.
- Ability to manage multiple priorities while being responsive to stakeholder needs in a compliance-driven environment.
- Strong attention to detail, particularly in security, compliance, and validation workflows.
- Curiosity and a problem-solving mindset, especially when translating regulatory requirements into technical solutions.
Preferred Skills:
- Familiarity with NIST 800-53, FedRAMP, FISMA, or related regulatory and compliance frameworks.
- Experience supporting Authorization to Operate (ATO) activities or similar security assessments.
- Knowledge of DICOM standards.
- Experience with Kubernetes and container security.
- Familiarity with vulnerability management tools and secure CI/CD pipelines.
- Experience working with scientific or clinical data workflows, particularly in regulated environments.
- English level: Upper intermediate
Responsibilities:
- Develop, test, and maintain secure, high-quality software components and tools that support compliance with NIST 800-53 controls within the client's platform.
- Implement, remediate, and validate privacy and security controls across SSE-developed Gears, libraries, and supporting infrastructure.
- Contribute to vulnerability remediation efforts, including analysis, prioritization, and resolution of identified security findings.
- Support compliance documentation and evidence generation, including inputs to SSPs, control matrices, and POA&M items, in close collaboration with security and platform teams.
- Maintain and improve internal tooling, CI/CD pipelines, and SSE‐developed Gears, including ongoing maintenance, bug fixes, performance tuning, and AI‐assisted automation to support secure development practices and continuous compliance.
- Contribute to and uphold secure coding standards, development best practices, and documentation.
- Perform QA, security testing, and validation activities against Gears and the client's platform.
- Act as a technical resource for SSE, product, and security stakeholders by translating compliance requirements into actionable engineering tasks.
- Work independently with a remote team while coordinating closely with cross-functional partners.