• Monitor and investigate alerts across Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Office 365) and associated security platforms • Analyze Entra ID (Azure AD) sign-in logs, audit logs, and risky sign-in activity to identify potential account compromise or misuse • Respond to security incidents involving endpoints, identities, email, and collaboration platforms • Tune and optimize detection rules, alert thresholds, and signal-to-noise ratios within SIEM and Microsoft security tools • Perform log analysis and basic threat hunting using tools such as Microsoft Sentinel, Defender Advanced Hunting, and audit logs • Implement and validate Conditional Access policies, MFA enforcement, and identity protection controls • Support endpoint security through Intune and Defender for Endpoint, including policy enforcement, device compliance, and response actions • Collaborate with IT to harden Microsoft 365 configurations (Exchange Online, SharePoint, Teams) and reduce attack surface • Support vulnerability management by identifying gaps and coordinating remediation across systems and endpoints • Maintain clear and audit-ready documentation of incidents, controls, and response activities • Assist with eDiscovery, audit requests, and compliance-related investigations when required • Identify gaps in monitoring, coverage, or controls and recommend improvements to security architecture

Role Description Sequencing is hiring a Director of Security to build and lead a modern security program for a rapidly scaling genomics and AI platform. This is the company’s first dedicated security leadership hire and a chance to shape the long term security foundation for a platform that handles highly sensitive consumer genomic and health data. This is a Director level role on the Engineering team, reporting to the Head of Engineering, and leading the security function as it scales, including oversight of senior offensive security personnel and external security partners. Your success helps protect the human genome, build customer trust, and make personalized health insights from whole genome sequencing safer and more accessible for everyone. Qualifications - 10+ years of experience in security engineering, application security, cloud security, security management, or CISO level roles, including 3+ years in a senior leadership or director level position. - Proven experience building or significantly maturing security programs at rapidly growing consumer technology, ecommerce, SaaS, healthcare, or direct to consumer platforms. - Demonstrated experience protecting highly sensitive customer data, including protected health information, personally identifiable information, financial data, or genomic data. - Proven track record leading SOC 2, HIPAA, and ISO 27001 certification efforts from planning through successful audit completion. - Strong understanding of modern cloud and application security practices across AWS based infrastructure and modern web application environments. - Experience operating in fast moving startup or scale up environments with evolving systems, incomplete processes, and rapidly changing priorities. - Strong understanding of modern AI security risks, including AI governance, prompt and data leakage risks, AI assisted software development workflows, and developer AI tooling controls. - Experience managing SaaS governance, shadow IT risk, vendor security reviews, identity and access lifecycle management, and third party access controls. - Experience managing offensive security initiatives, external penetration testing vendors, red team exercises, vulnerability management programs, and remediation prioritization. - Strong cross functional leadership skills with the ability to influence Engineering, DevOps, Bioinformatics, Product, and Operations teams without direct authority. - Ability to balance strong security standards with startup speed, product velocity, and practical operational realities. - Experience presenting security posture, organizational risk, incident summaries, and compliance status to founders, executives, boards, auditors, or enterprise customers. - Hands on familiarity with governance, risk, and compliance platforms such as Vanta, Drata, or equivalent, security information and event management tooling, endpoint and identity management systems, Google Workspace or equivalent productivity suite security administration, SaaS access governance tools, Jira, Confluence, and AWS security services including CloudTrail, GuardDuty, and Security Hub or equivalent cloud security services. - Experience with modern edge and cloud security platforms such as Cloudflare Enterprise or equivalent, including web application firewall management, distributed denial of service protection, bot mitigation, Zero Trust access controls, API security, and internet facing application protection. - Experience in healthcare, consumer healthtech, or HIPAA regulated environments strongly preferred. - Based in the United States and able to work fully remotely. Requirements - Own the company’s security program end to end, including policies, procedures, playbooks, runbooks, training, governance, and security documentation. - Build the governance layer that turns ad hoc security work into a repeatable, measurable, and auditable security program. - Lead ongoing HIPAA and HITECH compliance review, security gap assessment, and remediation initiatives, while driving SOC 2 and ISO 27001 certification efforts from roadmap through audit completion. - Serve as the primary point of contact for auditors, regulators, customers, and external compliance partners. - Partner closely with Engineering, DevOps, Bioinformatics, Product, and Operations to embed security into every system that touches customer genomic and health data. - Establish and enforce AI governance policies covering company wide use of AI tools, including specific platforms such as ChatGPT, Claude, Cursor, and similar tools, or equivalent, along with data classification standards, acceptable use policies, prompt handling practices, and Data Loss Prevention controls. - Define and enforce security standards for contractors, agencies, consultants, and third party development partners, including intellectual property protection requirements, controlled access policies, device management expectations, and secure handling of customer data. - Build and maintain centralized visibility into company SaaS tools, shadow IT usage, third party integrations, identity and access management, and organizational data exposure risks. - Lead offensive security initiatives, including management of senior offensive security personnel, external penetration testing firms, vulnerability assessments, and remediation tracking. - Effectively manage offensive security workstreams even when the hands on technical work extends beyond the Director’s direct technical specialization. - Stand up and operationalize the company’s incident response program, including severity classification, escalation paths, communications, executive coordination, forensic readiness, and post incident review procedures. - Serve as a senior escalation point during security incidents and maintain availability for critical after hours incident response, breach investigation, and executive coordination when necessary. - Present security posture, organizational risk, compliance status, and security roadmap updates to executive leadership in clear, business oriented language. - Lead company wide security awareness and training programs covering secure coding, phishing resistance, AI tool usage, handling of sensitive genomic data, and operational security best practices. - Translate complex security findings into practical actions engineering teams can implement without unnecessarily slowing product velocity. - Complete an initial HIPAA and HITECH security review and deliver a prioritized remediation roadmap within the first 45 days. - Reach SOC 2 readiness within 6 months aligned with the company’s infrastructure modernization roadmap. - Establish a recurring external penetration testing cadence with measurable remediation tracking and executive visibility. Company Description

• Design, deploy, and manage firewall solutions across multi-tenant MDR client environments • Implement and maintain security policies, access controls, NAT, and segmentation strategies • Support real-time threat detection and response by tuning firewall rules aligned to SOC alerts and threat intelligence • Partner with SOC teams to investigate and contain active incidents (e.g., blocking malicious IPs, isolating network segments) • Optimize firewall configurations to reduce false positives and improve detection fidelity • Integrate firewalls with SIEM, EDR, and XDR platforms for centralized visibility • Conduct firewall policy audits and enforce least-privilege access across client networks • Assist in incident response activities, including containment and remediation actions • Manage VPN configurations (site-to-site, client VPN, zero trust network access) • Provide guidance and recommendations to customers on improving their network security posture • Document configurations, changes, and response actions for compliance and reporting

• Oversees network security engineers • Monitoring and confirming the performance of the network security systems • Ensure appropriate levels of network security controls are managed within the organization • Work alongside other internal teams and external vendors for compliance • Guide and coach the network security team • Lead an Innovation, Research & Advanced Development (IRAD) organization • Drive forward-looking research while ensuring delivery of production-ready solutions • Favor automation over manual processes to reduce risk and improve scale and reliability • Leverage AI heavily to accelerate research and development • Create an environment encouraging curiosity and experimentation • Build trust with stakeholders by delivering safe, scalable, predictable solutions