Senior Security Engineer

Faro aims to improve lives by helping life sciences companies answer complex clinical questions, simply, efficiently and effectively. Our software platform is used to orchestrate complex clinical development with a single source of truth. It brings words, data and teams together, empowering researchers to design more intelligent trials, master complexity and reach milestones faster.

About the Role

The Senior Security Engineer is a hands-on technical role responsible for protecting Faro"s cloud infrastructure, applications, and customer data. Reporting to the Sr. Director of Security and Compliance, you will be a core technical contributor to Faro"s security program, with significant responsibility for detection and response operations, vulnerability management, application security, and cloud security posture across Faro"s cloud environment. You will work closely with engineering, product, and operations teams to embed security throughout the software development lifecycle and ensure the continued trust of Faro"s life sciences customers.

This is Faro"s first dedicated security engineering hire. You will help build out Faro"s security capabilities in close partnership with security leadership, contributing to the technical direction of the program and shaping its operations at an early stage of a fast-growing, mission-driven company.

In the near term, this role will flex across security, IT, and compliance responsibilities, reflecting the realities of a small team. As the security and IT functions grow, the scope will narrow toward dedicated security engineering.

Duties and Responsibilities

• Operate and improve Faro"s security detection and response capabilities, including monitoring, triage, and investigation of alerts from SIEM, CSPM, and MDR
• Manage Faro"s vulnerability management program, including triaging findings from infrastructure scans, SAST, DAST, and SCA tools, tracking remediation against established SLAs and coordinating with engineering on fixes
• Support and improve application security practices within Faro"s SDLC, including security reviews of new features, integration of automated security testing into CI/CD pipelines, and guidance to developers on secure coding practices
• Maintain and improve Faro"s cloud security posture across multiple cloud providers including configuration reviews, hardening, and alignment with CIS benchmarks
• Coordinate and support third-party penetration testing engagements, including scoping, logistics, findings triage, and remediation tracking
• Contribute to the security of Faro"s AI-powered products, including evaluating risks related to prompt injection, data leakage between tenants, model output safety, and retrieval-augmented generation (RAG) integrity
• Support incident response activities in alignment with Faro"s NIST 800-61-based incident response plan, including detection, analysis, containment, eradication, and recovery
• Contribute to security evidence collection and technical documentation to support SOC 2 Type II, ISO 9001 and ISO 27001/42001 audit cycles
• Evaluate and improve security tooling, automation, and processes to scale Faro"s security capabilities as the company grows

NOTE: Candidates and Recruiting Agencies, please do not contact our employees regarding the position or your application status. Doing so will automatically disqualify you from the position or working with us. Only applications submitted through the designated link will be considered. Please DO NOT SPAM our employees regarding the role or your application status.