Senior Information Security Engineer

Overview

At Editas Medicine, we are pioneering the possible. Our mission and commitment are to translate the power and potential of the CRISPR/Cas
12a and CRISPR/Cas9 genome editing systems into a robust pipeline of medicines for people living with serious diseases around the world. Our goal is to discover, develop, manufacture, and commercialize transformative, durable, precision genomic medicines for a broad class of diseases.

At Editas Medicine, we’re a team of passionate problem solvers, harnessing the power and potential of CRISPR gene editing to transform the future of medicine. Driven by a shared purpose to serve people living with serious diseases, we succeed together through collaboration, mutual respect, and innovation. If you want to be part of a team where your voice is heard and respected, where you can operate at the forefront of gene editing, and push the boundaries of what’s possible in medicine, come join us and become an Editor!

The Senior Information Security Engineer will enable Editas Medicine to operate with confidence by engineering a resilient, scalable, and proactive security posture that protects sensitive scientific, clinical, and corporate data. Over the next 12 - 18 months, this role must further design and mature enterprise‑grade security controls, elevate threat detection and response capabilities, and embed security into technology decisions across the organization ensuring Editas can innovate safely and s role drives the development and execution of security controls across cloud, on‑premises, and hybrid environments, ensuring strong alignment with business objectives, regulatory requirements, and industry best practices.

Working closely with IT leadership and cross‑functional partners, the Senior Information Security Engineer leads initiatives in threat detection and response, identity and access management, vulnerability management, network and endpoint security, and security automation. This position serves as a subject‑matter expert and escalation point for complex security challenges, providing both strategic guidance and hands‑on engineering expertise.

The ideal candidate brings deep technical proficiency, strong analytical instincts, and the ability to influence security decisions across a fast‑paced, high‑growth environment. This role offers the opportunity to shape the organization’s security posture, manage technical teams, and drive continuous improvement in a mission‑critical function.

As the Senior Information Security Engineer, you will oversee:

• Lead the design and implementation of enterprise‑grade security controls, including network security, cloud security, endpoint protection, and identity platforms.
• Architect secure solutions for new technologies, cloud migrations, and infrastructure modernization efforts.
• Evaluate and integrate advanced security tools, automation frameworks, and detection technologies.

• Oversee security monitoring, threat hunting, and incident response activities.
• Conduct deep‑dive investigations into complex security events and coordinate cross‑functional response efforts.
• Lead vulnerability assessments, penetration testing coordination, and remediation tracking.
• Develop and refine detection logic, playbooks, and response workflows.

• Perform and lead risk assessments, threat modeling, and security reviews for applications, systems, and vendors.
• Contribute to the development and enforcement of security policies, standards, and best practices aligned with frameworks like NIST, ISO 27001, and CIS.
• Partner with compliance teams on audits, regulatory requirements, and remediation plans.
• Drive continuous improvement of security processes, tooling, and operational efficiency.

• Manage and oversee security engineers at our MSP and serve as a subject‑matter expert across the organization.
• Foster collaboration between IT and business functions (e.g., Genomics & Bioinformatics, Finance, HR, etc.) to establish a culture of security.
• Communicate complex…