Security Engineer - Application Security & Identity
Responsibilities
- Conduct security reviews of internally developed applications, including:
  - Data flow validation
  - Security control design and implementation
  - Secrets handling
  - AI/LLM Data Loss Prevention (DLP)
- Co-lead production readiness reviews for strictly governed environments:
  - Threat modeling
  - Hardening validation
  - Compliance mapping (SOC 2 and contractual and regulatory requirements)
- Define and enforce identity architecture:
  - Corporate identity: Entra ID
  - Workload identity: AWS IAM and GitHub OIDC
- Define and manage GitHub native security controls:
  - GitHub Advanced Security (CodeQL / SAST)
  - Dependabot (dependency scanning)
  - Secret scanning
  - Branch protection and environment controls
- Establish standards for security tooling:
  - SAST (CodeQL, Semgrep)
  - SCA (Dependabot, Snyk)
  - Container scanning (Trivy, ECR scanning)
  - Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
- Define AWS security standards:
  - IAM design and least-privilege access
  - Logging and audit requirements
  - Secrets management and rotation
- Scope and coordinate third-party penetration testing
- Maintain audit logging maturity per environment requirements:
  - Baseline logging
  - User-level activity tracking
  - Tamper-evident audit trails with SIEM integration
- Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk).
- Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure
- AI Security & Usage Governance:
  - Define approved AI providers and usage boundaries
  - Establish prompt data classification and handling policies
  - Enforce human-in-the-loop requirements where appropriate
  - Define cost/spend guardrails for AI services
Required Qualifications
- 5+ years (or 3-5+ in high-growth environments) in cloud security, 2 of which should be focused on application security
- Hands-on security experience with:
  - AWS IAM
  - SAML / OIDC federation
  - GitHub security tooling
- Experience with threat modeling and coordinating penetration testing
- Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls
- In-depth understanding of the risk lifecycle
Requirements
- Experience securing GitHub-based CI/CD pipelines
- Experience in AWS native environments
- Exposure to regulated industries (GxP, 21 CFR Part 11)
- Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)
- Associates degree or higher
- Experience bringing low-code or AI-generated applications under enterprise security controls
- Pay Range: $60,000-$80,000
- Real Chemistry is proud to be Great Place to Work® certified; check out what our people shared about our culture and workplace on our Great Places to Work Profile here.
- We believe we can do our best when feeling our best, which is why we've put together a benefits program designed to give you the s
Benefits
Additional Information
At Real Chemistry, making the world a healthier place isn't just an aspiration; it's our everyday reality. Our drive to transform healthcare is informed by our blend of deep scientific expertise, human-centred creativity, and AI-driven insights, fostering a unique environment where innovation thrives and our people are impact-obsessed. As a global agency, we provide a full suite of services across healthcare communications and marketing to our clients, including top players in the pharmaceutical and biotech industries. Our #LifeatRealChem culture is rooted in our people; we believe we are best together and are committed to excellence for both our clients and colleagues. Whether you're a seasoned professional or just starting your career, if you share our passion for healthcare and connection, we invite you to explore our opportunities. Discover your purpose. Embrace innovation. Experience #LifeatRealChem.

Security Engineer - Application Security & Identity
Function: Information Security
Reports to: Head of Security

Role Summary
Owns application security across multiple environments, each with increasing control and compliance requirements. Acts as reviewer for the least complex environments and co-reviewer for higher complexity and controlled environments. Defines and enforces security controls across AWS hosted workloads and GitHub based development pipelines while maintaining independent review authority. Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.

This is a hybrid role, based in any of our US offices (including New York City, Boston, Chicago, Carmel, or San Francisco) or remotely within the US, depending on team and business needs.