Senior Cloud Security Engineer

Senior Cloud Security Engineer, London or Lausanne

We are looking for experienced engineers - Senior, Principal, Staff or equivalent levels.

Isomorphic Labs is a new Alphabet company that is reimagining drug discovery through a computational- and AI-first approach.

We are on a mission to accelerate the speed, increase the efficacy and lower the cost of drug discovery. You'll be working at the cutting edge of the new era of 'digital biology' to deliver a transformative social impact for the benefit of millions of people.

Come and be part of a multi-disciplinary team driving groundbreaking innovation and play a meaningful role in contributing towards us achieving our ambitious goals, while being a part of an inspiring, collaborative and entrepreneurial culture.

Your impact

Working within the InfoSec team, you will architect and manage the security of our groundbreaking ML-based platform that will transform the biopharmaceutical world as we know it.

As Senior Cloud Security Engineer, you will be thriving in a highly creative, iterative environment, you will work alongside leading engineers, scientists and ML researchers to secure our AI-centric GCP environments that are central to our mission.

We’re still at a relatively early stage in our journey, with a level of ambiguity as we continuously learn from each other, so you will need to build on your previous experience and show initiative in order to fully carve out your contribution in this newly created role.

What you will do

• Collaborate with the CISO and the TechOps team to implement a Secure Cloud Architecture in GCP.
• Manage cloud security risks by assessing, documenting, and mitigating threats and vulnerabilities.
• Implement a comprehensive strategy addressing Data Governance, IAM, Network Security, Observability, Secure Configuration, and Business Continuity in GCP.
• Support DevOps and DataEng in securing our ML-based software platform and its complex data catalogue.
• Implement the processes, tools, and metrics to enable centralised cloud security monitoring and compliance management.
• Oversee vulnerability management operations, investigate security events, and respond to security incidents.
• Conduct periodic assessments and technical audits challenging the security posture.
• Provide security guidance and training to staff members to raise awareness and promote a security-conscious culture.
• Partner and collaborate with a diverse set of teams including science (drug discovery), research (machine learning), product, business development, and operations.

Skills and qualifications

Essential

• Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience.
• Deep understanding of cloud architecture frameworks.
• Experience in deploying and maintaining cloud security policies, products, and controls.
• Proficiency in logging, monitoring, and observability technologies, along with experience working with Security Operations Centers (SOC).
• Proven experience in securing cloud network and storage infrastructures.
• Demonstrated experience enforcing a consistent and scalable IAM policy across information systems.
• Knowledge in Kubernetes security hardening and proficiency in using Infrastructure as Code practices.
• Proven track record in both establishing Proof of Concept initiatives and successfully scaling their implementation.
• Ability to define security requirements with both strong risk acumen and business vision.
• Ability to write and maintain Standard Operating Procedures (SOPs), technical documentation, and provide training.
• Experience in managing direct security operations and collaborating with teams across different technical backgrounds.
• Familiarity with the secure development and operation of ML-based systems.

Nice to have

• Certifications such as GCP Professional Cloud Security Engineer, CISSP, CCSP or equivalent.
• Knowledge or certifications in ISO 27001 and other major InfoSec frameworks.
• Experience leveraging cloud capabilities for data governance and privacy (labelling, monitoring, and compliance).
• Proficiency in scripting or programming languages (e.g. Python, PowerShell) for automation and tool development.
• Knowledge of DevSecOps tools and processes.
• Strong technical skills in security engineering, offensive security, forensics, etc.
• Experience operating in a healthcare, medical research, biotechnology, or drug discovery environment, including handling sensitive data and regulatory compliance.