Security Engineer — Application Security & Identity
Real Chemistry · Boston - Massachusetts; Carmel - Indiana; Chicago - Illinois; Lambertville - New Jersey; Remote - USA
Remote · US$60–80k
mid
At Real Chemistry, making the world a healthier place isn’t just an aspiration—it’s our everyday reality. Our drive to transform healthcare is informed by our blend of deep scientific expertise, human-centred creativity, and AI-driven insights, fostering a unique environment where innovation thrives and our people are impact-obsessed. As a global agency, we provide a full suite of services across healthcare communications and marketing to our clients, including top players in the pharmaceutical and biotech industries.
Our #LifeatRealChem culture is rooted in our people—we believe we are best together and are committed to excellence for both our clients and colleagues. Whether you're a seasoned professional or just starting your career, if you share our passion for healthcare and connection, we invite you to explore our opportunities.
Discover your purpose. Embrace innovation. Experience #LifeatRealChem.
Security Engineer — Application Security & Identity
Function: Information Security
Reports to: Head of Security
Role Summary
Owns application security across multiple environments, each with increasing control and compliance requirements. Acts as reviewer for the least complex environments and co-reviewer for higher-complexity and controlled environments. Defines and enforces security controls across AWS-hosted workloads and GitHub-based development pipelines while maintaining independent review authority.
Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.
This is a hybrid role, based in any of our US offices—including New York City, Boston, Chicago, Carmel, or San Francisco—or remotely within the US, depending on team and business needs.
Key Responsibilities
Conduct security reviews of internally developed applications, including:
Data flow validation
Security control design and implementation
Secrets handling
AI/LLM Data Loss Prevention (DLP)
Co-lead production readiness reviews for strictly governed environments:
Threat modeling
Hardening validation
Compliance mapping (SOC 2 and contractual and regulatory requirements)
Define and enforce identity architecture:
Corporate identity: Entra ID
Workload identity: AWS IAM and GitHub OIDC
Define and manage GitHub native security controls:
GitHub Advanced Security (CodeQL / SAST)
Dependabot (dependency scanning)
Secret scanning
Branch protection and environment controls
Establish standards for security tooling:
SAST (CodeQL, Semgrep)
SCA (Dependabot, Snyk)
Container scanning (Trivy, ECR scanning)
Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
Define AWS security standards:
IAM design and least-privilege access
Logging and audit requirements
Secrets management and rotation
Scope and coordinate third-party penetration testing
Maintain audit logging maturity per environment requirements:
Baseline logging
User-level activity tracking
Tamper-evident audit trails with SIEM integration
Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk).
Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure
AI Security & Usage Governance
Define approved AI providers and usage boundaries
Establish prompt data classification and handling policies
Enforce human-in-the-loop requirements where appropriate
Define cost/spend guardrails for AI services
Required Qualifications
5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be focused on application security
Hands-on security experience with:
AWS IAM
SAML / OIDC federation
GitHub security tooling
Experience with threat modeling and coordinating penetration testing
Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls
In-depth understanding of the risk lifecycle
Preferred Qualifications
Experience securing GitHub-based CI/CD pipelines
Experience in AWS native environments
Exposure to regulated industries (GxP, 21 CFR Part 11)
Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)
Associate's degree or higher
Experience bringing low-code or AI-generated applications under enterprise security controls
Pay Range: $60,000-$80,000
This is the pay range the Company believes it will pay for this position at the time of this posting. Consistent with applicable law, compensation will be determined based on job-related, non-discriminatory factors including but not limited to work experience, skills, certifications, and geographical location. The Company reserves the right to modify this pay range at any time.
Real Chemistry is proud to be Great Place to Work® certified; check out what our people shared about our culture and workplace on our Great Places to Work Profile here.
We believe we can do our best when feeling our best, which is why we’ve put together a benefits program designed to give you the support you and your family need at every stage of life. Real Chemistry offers a comprehensive benefit program and perks, tailored to your region. Globally, this includes offices in our key markets with free snacks to keep you running all day long, generous holiday and paid time off, options for private medical, dental, and vision plans, and support in saving for the future. Other perks include mental wellness coaching and support and access to more than 13,000 online classes with LinkedIn Learning. Learn more about our great benefits and perks and search specific offerings in your region at: www.realchemistrybenefits.com.
Working with Real HART: Since the pandemic, we have adapted to how our people told us they want to work. We have office locations in cities in the US, UK, and Europe with many employees and clients that serve as hubs where and when they need us. For employees who are within an hour of one of our offices, we expect attendance in the office two days per week, either at a Real Chemistry office or onsite with clients. We are also actively opening new office locations, so if one opens near you, our Real HART policy will apply. We are not looking for attendance for the sake of attendance but believe that the opportunity to coordinate in-office team meetings, 1:1 meetings with managers, taking advantage of on-site learning, and connecting with client partners is critical to delivering on our purpose of making healthcare what it should be. Outside of these offices, we have regions, where people work remotely but come together quarterly for collaboration, culture and learning opportunities. We call this our Real Hybrid and Regional Teams (Real HART) approach. Real Chemistry believes we are best together – and our workplace strategy fosters connection and collaboration in person – but also supports flexibility for our people.
Real Chemistry is an Equal Opportunity employer. We continually strive to build and sustain an inclusive and equitable work environment where our employees feel empowered to leverage all they bring from their personal lived experience and professional expertise, to make our team the best in the industry. We encourage motivated and qualified applicants to apply without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity/expression, ethnic or national origin, age, physical or mental disability, genetic information, marital information, or any other characteristic protected by federal, state, or local employment discrimination laws where Real Chemistry operates. Should you require accommodations throughout the interview process please let your recruiter know.
*Notice: Real Chemistry and its affiliates' names are being misused by scammers through messaging services, fake websites, and apps. Do not share personal or financial information or make payments to any unverified sources claiming to be connected to Real Chemistry. We are working to stop these unauthorized activities and protect our community. Read more here.
Posted 2026-06-30