Natera is hiring a
Lead Security Engineer

Summary

Join our security team at Natera as a highly skilled and motivated Lead Application Security Engineer to ensure the security of our applications through vulnerability identification, security measure implementation, and best practice promotion across the development lifecycle.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field
• 10+ years of experience in application security or a related role
• Strong knowledge of security principles, vulnerabilities, and remediation techniques
• Experience with SAST and DAST tools such as OWASP ZAP, Burp Suite, Checkmarx, Veracode, or similar
• Proficiency in programming languages such as Java, C#, Python, or JavaScript
• Familiarity with web application security standards (e.g., OWASP Top Ten)
• Understanding of compliance standards such as SOC2, FDA Cybersecurity Guidelines, NIST, and how they apply to application security
• Excellent analytical and problem-solving skills
• Strong communication skills and the ability to work collaboratively in a team environment
• Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus
• Strong analytical abilities to make data-based and strategic value-driven business decisions, including the ability to make reasoned decisions in the face of uncertainty or imperfect data

Responsibilities

• Lead, build, and maintain the application security initiatives, including security architecture, security testing, vulnerability management, and security champion program
• Develop and enforce product security policies, reference architectures, procedures, and standards in compliance with SOC2, FDA Cybersecurity Guidelines, NIST, HIPAA, and other relevant regulations
• Conduct security assessments, including SAST, DAST, pen test, to identify vulnerabilities in applications
• Expert hands on experiences in WAF, API Security in complex enterprise environments
• Collaborate with development teams to integrate security practices into the secure software development lifecycle (SDLC)
• Lead the product security strategies and activities, ensuring alignment with business objectives
• Perform penetration testing and simulate attacks to identify potential security weaknesses
• Monitor and respond to security incidents, providing timely analysis and resolution
• Stay up-to-date with the latest security trends, vulnerabilities, and technologies
• Provide training and guidance to developers on secure coding practices
• Participate in the design and architecture of secure applications and systems
• Assist in compliance efforts and audits related to application security, including preparation of necessary documentation
• Interact with senior-level leaders and key stakeholders to coordinate activities across organizational lines and maintain robust and scalable enterprise business solutions
• Keep track of new regulations, industry best practices, and implement continuous improvement on an ongoing basis
• Collaborate with Information Security, Engineering and product teams to create, maintain and deliver an overall compliance/certifications roadmap
• Collaborate with Technical Program Management and Engineering, and help drive the development of standardized processes and procedures to assure product security requirements are accounted for in New Product Introduction (NPI), New Feature Introduction (NFI), and acquisition activities

Benefits

• Comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents
• Free testing in addition to fertility care benefits
• Pregnancy and baby bonding leave
• 401k benefits
• Commuter benefits