At 10x Genomics, accelerating our understanding of biology is more than a mission for us. It is a commitment. This is the century of biology, and the breakthroughs we make now have the potential to change the world.
We enable scientists to advance their research, allowing them to address scientific questions they did not even know they could ask. Our tools have enabled fundamental discoveries across biology including cancer, immunology, and neuroscience.
Our teams are empowered and encouraged to follow their passions, pursue new ideas, and perform at their best in an inclusive and dynamic environment. We know that behind every scientific breakthrough, there is a deep infrastructure of talented people driving the life sciences industry and making it possible for scientists and clinicians to make new strides. We are dedicated to finding the very best person for every aspect of our work because the innovations and discoveries that we enable together will lead to better technologies, better treatments, and a better future. Find out how you can make a 10x difference.
About the role:
Our team is looking for a Senior Application Security Engineer with extensive product security experience and superb knowledge of software security standards and best practices to join our team. We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, join us at 10x Genomics.
As our first Application Security Engineer, you will be the technical subject matter expert for multiple areas of application and product security. You will be responsible for performing design reviews, technical security assessments, and code reviews to highlight risk and help engineering teams improve the overall security of our products. You will be a security leader within the company, gaining a solid understanding of our products and systems, and ensuring that security is built in. This position requires both deep and broad technical knowledge across a range of disciplines, and the ability to work hands-on across a wide variety of software designs and technology stacks.
What you will be doing:
- Serve as a primary technical security resource on all product development.
- Perform design reviews and technical security assessments to highlight risk and help engineering teams improve the overall security of our products.
- Design and implement security best practices and standards across varied engineering teams and environments.
- Implement and conduct code reviews with a combination of static testing, manual reviews, and dynamic analysis / pen-testing.
- Conduct threat modeling, identify & drive risk decisions, and influence technical designs and architectures.
- Design and implement tooling and automation for application security (e.g. SAST/DAST in CI/CD)
- Advocate for security culture and educate colleagues across all parts of 10x.
To be successful in this role, you must have:
- A Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity, Information Security, or a related technical field.
- 10+ years of hands-on technical experience.
- Software engineering experience in all phases of the software development lifecycle.
- Strong experience in web security (SSL/TLS, REST, OAuth, SAML, XSS, etc.)
- Experience with cloud and web application security standards (OWASP ASVS, SANS 25, etc.)
- Excellent written and verbal communications skills.
Nice to have:
- A Master's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity, Information Security, or a related technical field.
- In-depth technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
- Experience with securing firmware / embedded systems.
- Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
- Experience securing operating systems, networks, and low-level infrastructure.
- Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
Individuals seeking employment at 10x Genomics are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
10x does not accept unsolicited applicants submitted by third-party recruiters or agencies. Any resume or application submitted to 10x without a vendor agreement in place will be considered unsolicited and property of 10x, and 10x will not pay a placement fee.