Senior Security Engineer

Faro aims to improve lives by helping life sciences companies answer complex clinical questions, simply, efficiently and effectively. Our software platform is used to orchestrate complex clinical development with a single source of truth. It brings words, data and teams together, empowering researchers to design more intelligent trials, master complexity and reach milestones faster.

About the Role

The Senior Security Engineer is a hands-on technical role responsible for protecting Faro's cloud infrastructure, applications, and customer data. Reporting to the Sr. Director of Security and Compliance, you will be a core technical contributor to Faro's security program, with significant responsibility for detection and response operations, vulnerability management, application security, and cloud security posture across Faro's cloud environment. You will work closely with engineering, product, and operations teams to embed security throughout the software development lifecycle and ensure the continued trust of Faro's life sciences customers.

This is Faro's first dedicated security engineering hire. You will help build out Faro's security capabilities in close partnership with security leadership, contributing to the technical direction of the program and shaping its operations at an early stage of a fast-growing, mission-driven company.

In the near term, this role will flex across security, IT, and compliance responsibilities, reflecting the realities of a small team. As the security and IT functions grow, the scope will narrow toward dedicated security engineering.

Duties and Responsibilities

• Operate and improve Faro's security detection and response capabilities, including monitoring, triage, and investigation of alerts from SIEM, CSPM, and MDR
• Manage Faro's vulnerability management program, including triaging findings from infrastructure scans, SAST, DAST, and SCA tools, tracking remediation against established SLAs and coordinating with engineering on fixes
• Support and improve application security practices within Faro's SDLC, including security reviews of new features, integration of automated security testing into CI/CD pipelines, and guidance to developers on secure coding practices
• Maintain and improve Faro's cloud security posture across multiple cloud providers including configuration reviews, hardening, and alignment with CIS benchmarks
• Coordinate and support third-party penetration testing engagements, including scoping, logistics, findings triage, and remediation tracking
• Contribute to the security of Faro's AI-powered products, including evaluating risks related to prompt injection, data leakage between tenants, model output safety, and retrieval-augmented generation (RAG) integrity
• Support incident response activities in alignment with Faro's NIST 800-61-based incident response plan, including detection, analysis, containment, eradication, and recovery
• Contribute to security evidence collection and technical documentation to support SOC 2 Type II, ISO 9001 and ISO 27001/42001 audit cycles
• Evaluate and improve security tooling, automation, and processes to scale Faro's security capabilities as the company grows

**NOTE: Candidates and Recruiting Agencies, please do not contact our employees regarding the position or your application status. Doing so will automatically disqualify you from the position or working with us. Only applications submitted through the designated link will be considered. Please DO NOT SPAM our employees regarding the role or your application status.

Qualifications

• 6+ years of experience in security engineering, cloud security, or application security roles
• 3+ years of hands-on experience with cloud security services (Azure preferred; AWS or GCP acceptable with willingness to ramp on Azure)
• Experience with vulnerability management tools and processes, including familiarity with CVSS scoring and risk-based prioritization
• Experience with application security testing tools (SAST, DAST, SCA) and secure SDLC practices
• Experience with endpoint detection and response platforms
• Comfortable working in a small team environment where you will own outcomes end-to-end
• Experience in a startup or high-growth environment preferred
• Experience with compliance frameworks such as SOC 2, ISO 27001, and NIST 800-53
• Scripting ability in Python, PowerShell, or Bash
• Bachelors Degree in Information Technology or related field, Masters Degree Preferred

Preferred / Bonus Qualifications

• Experience with AI/ML security concepts, including prompt injection, adversarial testing, and LLM-specific attack vectors
• Experience with infrastructure as code security (Terraform, ARM/Bicep templates, etc.)
• Relevant certifications such as AZ-500, OSCP, GIAC, CISSP or similar
• Experience in healthcare, life sciences, or other regulated industries

Skills and Competencies

• Strong analytical and problem-solving skills with the ability to investigate complex security events
• Ability to communicate security risks and recommendations clearly to both technical and non-technical audiences
• Self-motivated and able to work independently with minimal supervision
• Collaborative mindset, comfortable working directly with engineering, product, and DevOps teams
• Willingness to learn new technologies and adapt as Faro's product and infrastructure evolve

Salary

Salary range for this position is $123,000 - $145,000

Salary listed reflects the base salary only and does not include other elements of total compensation. Individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Equity

In addition to this position’s salary (listed above), equity will be a major component of the total compensation for this position. We aim to offer higher-than-average equity compensation for a company of our size, and communicate equity amounts at the time of offer issuance.

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic)
• Short Term and Long Term Disability
• Paid Time Off (Flexible Vacation Policy; Paid Sick & Public Holidays Observed)
• Training & Development Reimbursement
• Hybrid Work Environment
• Peer-to-peer bonus program
• Company/department outings and events
• Stock Option Plan