Skip to main content

Security Lead

Remote (UTC +/- 2 hrs)
Full-time
Permanent employee

About Apheris

At Apheris, we are building the future of how AI is applied in pharmaceutical R&D.

We enable leading pharmaceutical teams to discover and develop drugs faster. We host the industry’s largest federated data networks for drug discovery AI, spanning co-folding, ADMET, and antibody develop ability.

Across these networks, models are trained on proprietary industry datasets to achieve higher performance and broader applicability while keeping data control and IP protected. We deliver these superior models through drug discovery applications that enable teams to run them at scale, further customize them, and integrate them into existing R&D workflows.

Examples of our live networks include:
  • AI Structural Biology (AISB) Network: Top 20 pharma companies collaborate in the field of co-folding, structure-based binding affinity predictions and antibody design.
  • ADMET Network: Top 50 pharma companies and biotechs collaborate to improve small-molecule property prediction and expand to further drug modalities.
  • Antibody Develop ability Network: Pharma partners collaborate to federate historical and purpose-built antibody develop ability datasets for secure ML training, without data leaving each partner’s environment.

About the role

We are looking for a hands-on Security Lead with strong technical depth to define, operationalize, and scale Apheris’ security capabilities. You will own cloud and application security, incident response, IT and corporate security, and security tooling across our environment. 

You will collaborate closely with engineering, product, and leadership, ensuring that security is embedded throughout our systems, operations, and development processes. You will maintain and evolve the unified security control framework, build scalable security processes, and lead efforts to detect, respond to, and remediate threats. 

Your focus is on anticipating risks, enabling teams, and ensuring that security is a natural part of day-to-day work. If you thrive at the intersection of technical depth, operational excellence, and cross-functional collaboration, while also influencing architecture, processes, and culture, this role is for you.

What you will do

  • Own cloud and application security, including AWS security architecture, IAM, network security, and secure configuration management.
  • Drive and continually improve application security practices, including secure coding guidance, threat modeling support, and automated security testing in the SDLC.
  • Lead the incident response program, including playbook development, on-call readiness, threat detection, and response coordination.
  • Manage vulnerability management processes, ensuring risks are identified, triaged, and remediated effectively with engineering teams.
  • Maintain and evolve security tooling, including monitoring, logging, SIEM/alerting, and secrets management.
  • Collaborate with engineering and platform teams to embed security considerations into design and architectural decisions.
  • Contribute to the unified control framework, ensuring strong security foundations for ISO 27001 and SOC 2
  • Own corporate and IT security, including endpoint management (e.g., MDM), identity and access management, and oversight of the external IT provider.
  • Lead security reviews by our customers, acting asa confident, trusted partner to enterprise clients throughout their evaluation process.
  • Stay ahead of emerging threats, technologies, and best practices to continuously uplift Apheris’ security posture.

What we expect from you

  • A degree in computer science, engineering, or equivalent hands-on experience in technical roles.
  • 5+ years of experience in security engineering, cloud security, application security, or similar technical security roles.
  • Hands-on expertise with AWS security architecture, identity and access management, network security, and modern DevOps practices.
  • Experience implementing or supporting secure development lifecycle (SDLC) practices, collaborating closely with engineering.
  • Strong understanding of modern authentication, authorization, secrets management, and infrastructure-as-code security.
  • Demonstrated experience handling security incidents, vulnerability management, or threat detection.
  • Demonstrated experience with large-enterprise security and compliance expectations, including how major corporates conduct security reviews and vendor due-diligence processes.
  • Experience maintaining compliance programs such as ISO 27001 or SOC 2
  • Ability to build strong relationships across engineering and influence secure design decisions.
  • A pragmatic, solution-oriented mindset that balances security, usability, and speed.
  • Experience mentoring team members and helping them grow their security skills.

Nice to have

  • Experience acting as a Data Protection Officer or supporting regulation like GDPR
  • Experience leading and developing teams, with the ability to mentor others and scale a security function in a fast-growing environment.
  • Understanding of pharma deployment environments and integrations with common R&D platforms (e.g.,Schrödinger Live DesignBenchling).
  • Experience working in B2B SaaS environments, particularly with AI-powered or data-intensive products, and an understanding of the security considerations that come with them.
  • Experience working directly with external partners, customers, and users in fast-moving, high-stakes projects.

What we offer you

  • Industry-competitive compensation, including early-stage virtual share options 
  • Remote-first working – work where you work best 
  • Wellbeing budget, mental health support, work-from-home budget, co-working stipend, and learning budget 
  • Generous holiday allowance 
  • Office Days at our Berlin HQ or a different European location (3x per year) 
  • A high-caliber, execution-focused team with experience from leading organizations