Who We Are
Flagship Pioneering is a biotechnology company that invents and builds platform companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps. Those big leaps in human health and sustainability exponentially accelerate scientific progress in areas ranging from cancer detection and treatment to nature-positive agriculture.
What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our scientific founders, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and transform for the benefit of people and planet.
Many of the companies Flagship has founded have addressed humanity’s most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture.
Flagship has been recognized twice on FORTUNE’s “Change the World” list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been twice named to Fast Company’s annual list of the World’s Most Innovative Companies.
About the Role
The Information Security team has strong detection and response capability and a maturing compliance program. This is a greenfield opportunity to build Flagship’s cloud security and application security engineering practice in earnest — with the CISO and Director of Security Engineering as your strategic partners and a well-resourced program behind you. You’ll define how cloud posture management, SSDLC security, and cloud-side DLP get done at Flagship — in deep partnership with the Infrastructure & Operations team, who are your primary counterparts for cloud architecture, network, and endpoint infrastructure. What makes this role distinctive is the expectation that you’ll build AI-augmented workflows from the start — using LLMs and agentic tooling to handle the routine 80% so your expertise stays focused on the 20% that actually requires human judgment. If you want to own a practice area rather than execute someone else’s playbook, this is that role. You'll own the technical execution of cloud security and AppSec across Flagship and its portfolio, working directly with engineering teams to embed security into their pipelines, not just review them after the fact.
What You'll Own
• Cloud security posture management: own remediation execution against Wiz findings in close partnership with Infrastructure & Operations — building shared remediation playbooks, coordinating finding resolution across AWS environments, and ensuring security controls are implemented consistently with I&O’s infrastructure standards
• CI/CD and SSDLC security: design and implement security guardrails in engineering pipelines — SAST, secrets scanning, IaC security, container scanning — working directly with portfolio engineering teams, and building AI-powered pipeline security automation (e.g., LLM-assisted code review, automated fix suggestions for SAST findings) that reduces developer friction and scales security coverage beyond what manual review allows
• Cloud-side DLP enforcement: build and operationalize data loss prevention controls at the cloud and application layer, not just policy definition
• Cloud identity and access: own technical execution on Entra/Azure AD conditional access, BYOD policy enforcement, and cloud identity governance in partnership with Infrastructure & Operations, who manage the underlying directory and endpoint infrastructure
• Detection engineering (cloud layer): write and tune cloud-side detection rules and contribute to alert fidelity improvements in partnership with the SOC
• AI platform security: contribute to security architecture reviews and guardrail design for AI-powered portfolio products, including Bedrock and EKS-based platforms
• Serve as the embedded security engineering partner for portfolio company engineering teams — not a reviewer at the end of the process, but a collaborator throughout it
• Design and maintain AI-augmented workflows across all functional areas you own — using LLMs, agentic tooling, and automation to multiply your own capacity. You'll be expected to treat AI as a core part of your engineering toolkit, not an experiment: building prompt-driven triage pipelines, automating remediation drafting, and continuously identifying where human judgment is the bottleneck versus where it's being wasted on pattern-matchable work.
What We're Looking For
• 5+ years in cloud security, application security, or a closely related security engineering discipline
• Deep hands-on experience with AWS security services (Security Hub, GuardDuty, IAM, SCPs, CloudTrail) and cloud posture tooling — Wiz experience strongly preferred
• Practical AppSec experience: you've integrated SAST/DAST/SCA tooling into CI/CD pipelines and worked directly with developers to resolve findings, not just filed tickets
• Experience with cloud identity platforms — Entra ID / Azure AD, including conditional access policy design and enforcement
• Ability to write infrastructure-as-code and scripting to automate security controls (Python, Terraform, or equivalent), including comfort working with LLM APIs, prompt engineering, and agentic orchestration frameworks
• Demonstrated experience building AI-augmented security workflows — you've used LLMs, agentic frameworks, or AI-assisted tooling to automate security tasks at scale, not just experimented with ChatGPT. You should be able to articulate which security problems are well-suited to AI automation and which aren't.
• Strong enough communication skills to be credible with engineering leadership and portfolio company CTOs — you’ll be in technical design reviews, not just security reviews
• Proven ability to build trusted working relationships with Infrastructure & Operations teams — you approach I&O as a partner, not a gatekeeper, and can influence security outcomes through collaboration rather than mandate
• Comfort operating as a self-directed practitioner in a lean team; this role requires you to set your own execution priorities within a defined strategic direction
Nice to Have
• Experience securing ML/AI platforms — Bedrock, SageMaker, or comparable environments
• AWS Security Specialty, GWEB, OSCP, or equivalent certification
• Experience in a portfolio company or multi-entity security model
• Familiarity with HIPAA technical safeguard requirements and PHI data flows in cloud environments
• Experience designing or operating agentic AI workflows for security operations
• Container and Kubernetes security experience (EKS, image scanning, network policy)
Why This Role
This is a net-new capability role on a small team — you won't be executing someone else's existing playbook, you'll be building the cloud and AppSec program from a solid foundation. You’ll work directly with the CISO and collaborate closely with the Director of Security Engineering. Flagship's portfolio spans some of the most technically ambitious biology and AI work happening anywhere, and the security work reflects that complexity. If you want a role where the scope is real, the autonomy is genuine, and you have the freedom to build an AI-augmented security practice — this is it.
We are an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
We recognize that great candidates often bring unique strengths without fulfilling every qualification. If you have some of the experience listed above but not all, please apply anyway. We are dedicated to building diverse and inclusive teams and look forward to learning more about your background and interest in Flagship.
Recruitment & Staffing Agencies: Flagship Pioneering and its affiliated Flagship Lab companies (collectively, “FSP”) do not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto.
#LI-NM1
The salary range for this role is $148,000 - $203,500. Compensation for the role will depend on a number of factors, including a candidate’s qualifications, skills, competencies, and experience. Flagship Pioneering currently offers healthcare coverage, annual incentive program, retirement benefits and a broad range of other benefits. Compensation and benefits information is based on Flagship Pioneering's good faith estimate as of the date of publication and may be modified in the future.