Senior Information Security Engineer

At Editas Medicine, we are pioneering the possible. Our mission and commitment are to translate the power and potential of the CRISPR/Cas12a and CRISPR/Cas9 genome editing systems into a robust pipeline of medicines for people living with serious diseases around the world. Our goal is to discover, develop, manufacture, and commercialize transformative, durable, precision genomic medicines for a broad class of diseases.


Why Choose Editas?

At Editas Medicine, we're a team of passionate problem solvers, harnessing the power and potential of CRISPR gene editing to transform the future of medicine. Driven by a shared purpose to serve people living with serious diseases, we succeed together through collaboration, mutual respect, and innovation. If you want to be part of a team where your voice is heard and respected, where you can operate at the forefront of gene editing, and push the boundaries of what's possible in medicine, come join us and become an Editor!

Decoding The Role:

The Senior Information Security Engineer will enable Editas Medicine to operate with confidence by engineering a resilient, scalable, and proactive security posture that protects sensitive scientific, clinical, and corporate data. Over the next 12 - 18 months, this role must further design and mature enterprise-grade security controls, elevate threat detection and response capabilities, and embed security into technology decisions across the organization ensuring Editas can innovate safely and at speed. This role drives the development and execution of security controls across cloud, on-premises, and hybrid environments, ensuring strong alignment with business objectives, regulatory requirements, and industry best practices. Working closely with IT leadership and cross-functional partners, the Senior Information Security Engineer leads initiatives in threat detection and response, identity and access management, vulnerability management, network and endpoint security, and security automation. This position serves as a subject-matter expert and escalation point for complex security challenges, providing both strategic guidance and hands-on engineering expertise.

The ideal candidate brings deep technical proficiency, strong analytical instincts, and the ability to influence security decisions across a fast-paced, high-growth environment. This role offers the opportunity to shape the organization's security posture, manage technical teams, and drive continuous improvement in a mission-critical function.

Characterizing Your Impact:

As the Senior Information Security Engineer, you will oversee:

Security Architecture & Engineering:

• Lead the design and implementation of enterprise-grade security controls, including network security, cloud security, endpoint protection, and identity platforms.
• Architect secure solutions for new technologies, cloud migrations, and infrastructure modernization efforts.
• Evaluate and integrate advanced security tools, automation frameworks, and detection technologies.

Threat Detection & Incident Response:

• Oversee security monitoring, threat hunting, and incident response activities.
• Conduct deep-dive investigations into complex security events and coordinate cross-functional response efforts.
• Lead vulnerability assessments, penetration testing coordination, and remediation tracking.
• Develop and refine detection logic, playbooks, and response workflows.

Risk Management & Governance:

• Perform and lead risk assessments, threat modeling, and security reviews for applications, systems, and vendors.
• Contribute to the development and enforcement of security policies, standards, and best practices aligned with frameworks like NIST, ISO 27001, and CIS.
• Partner with compliance teams on audits, regulatory requirements, and remediation plans.
• Drive continuous improvement of security processes, tooling, and operational efficiency.

Leadership & Collaboration:

• Manage and oversee security engineers at our MSP and serve as a subject-matter expert across the organization.
• Foster collaboration between IT and business functions (e.g., Genomics & Bioinformatics, Finance, HR, etc.) to establish a culture of security.
• Communicate complex security issues to technical and non-technical stakeholders, including leadership.

Outcomes:

• Security Architecture Maturity: Deliver and operationalize a unified security architecture across cloud, network, and endpoint environments.
• Threat Detection & Response Improvement: Reduce mean time to detect (MTTD) and mean time to respond (MTTR) to security incidents, supported by improved detection logic, playbooks, and automation.
• Vulnerability Management Predictability: Establish a risk-based vulnerability management program where critical vulnerabilities are remediated and reporting is consistent and transparent.
• Identity & Access Hardening: Implement strengthened IAM controls including MFA, SSO, and least-privilege baselines resulting in full MFA coverage and measurable reductions in excessive permissions.
• Cloud Security Enhancements: Deploy and validate cloud security guardrails (AWS/Azure) that achieve full compliance with defined cloud security baselines and reduce misconfigurations.
• Incident Response Readiness: Lead at least two cross-functional tabletop exercises and implement resulting improvements to IR processes, tooling, and communication workflows.
• Governance & Compliance Alignment: Complete annual risk assessments, policy updates, and audit support activities with no major findings attributable to security engineering gaps and ensuring stakeholders feel confident in the company's ability to protect sensitive data and systems.
• Cross-Functional Security Adoption: Build strong partnerships within IT and with business teams that make security a shared responsibility and resulting in consistent integration of security reviews into new technology and vendor decisions and build relationships.

Requirements

Competencies:

Strategic Thinking, Influence & Collaboration, Communication Excellence, Problem Solving & Decision Making, Ownership & Accountability, Continuous Improvement Mindset, Team Leadership.

The Ideal Transcript:

To thrive in this role, you'll need:

Qualifications:

• 8-10+ years of experience in information security, security engineering, or related technical fields.
• Deep knowledge of network security, cloud security (AWS, Azure), and identity security (IAM, SSO, MFA, Zero Trust).
• Hands on experience with SIEM, EDR/XDR, firewalls, vulnerability scanners, email security, and cloud native security tools.
• Strong understanding of threat detection, incident response, and forensics fundamentals.
• Proficiency in scripting/automation (Python, PowerShell).
• Familiarity with secure development practices and common vulnerabilities (OWASP Top 10, SANS Top 25).
• Excellent communication and leadership skills.

Preferred Qualifications:

• Experience with security architecture frameworks and enterprise-scale design.
• Background in threat intelligence, malware analysis, or red/blue team operations/tabletop exercises.
• Familiarity with compliance frameworks such as SOC 2, PCI-DSS, HIPAA, or GDPR.

Education & Certifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience.
• Advanced certifications preferred: CISSP, GCIH, GCIA, OSCP, CCSP, Cloud security certifications (AWS/Azure/GCP).

Physical & Travel Requirements:

• Ability to work in a fast-paced, evolving environment.
• Travel as required to Editas facilities and vendor locations.

Benefits

Benefits:

Editas provides a comprehensive array of benefits to all employees, including a Blue Cross Blue Shield PPO Medical Plan, a company-funded Health Savings Account, Dental and Vision Insurance, Life and Disability Insurance, Dependent Care Account, Tuition Reimbursement, 401(k) plan with company match, Employee Assistance Plan, Wellness Programs, and a flexible Paid Time Off policy.

Salary Range:

$160,00 - $173,000

Pay Transparency

Editas Medicine is committed to transparency and accuracy in our hiring practices. The anticipated salary range for each position is posted within the role. The final salary offer will be determined based on a comprehensive assessment of the candidate's qualifications, including education, training, and relevant experience. Additional factors such as external market conditions, the role's criticality, and internal equity will also be considered. Editas Medicine's compensation philosophy ensures fair and equitable pay practices.

Aspire to be an Editor? We invite you to apply and join us at the forefront of innovation and be a key contributor to realizing Editas Medicine's mission of developing transformative medicines for people living with serious diseases.