Job Specifications
About The Company
Biorce is a pioneering Healthtech company dedicated to revolutionizing drug development through the power of AI. We are passionate about accelerating medical advancements and improving patient outcomes.
Our team comprises seasoned clinical research professionals, data scientists, and AI experts, working collaboratively to bridge the gap between cutting-edge technology and real-world clinical needs.
With an unwavering commitment to revolutionize healthcare, we envision a world where all patients benefit from accelerated and cost-effective access to treatments. Biorce is poised to redefine the landscape of healthcare, shaping a future where innovation and accessibility converge for the betterment of humanity.
How You’ll Make An Impact
Conduct in-depth security code reviews across backend and frontend repositories to identify vulnerabilities and enforce secure coding best practices.
Implement, integrate, and manage security scanning tools such as Aikido, Snyk, or similar solutions to strengthen the application security pipeline.
Develop and maintain automated security checks within CI/CD workflows to ensure continuous enforcement of standards.
Support compliance and governance initiatives by operating and optimizing GRC platforms like Vanta or comparable tools.
Collaborate closely with engineering, DevOps, and product teams to improve security posture while enabling rapid development.
Monitor, investigate, and respond to security incidents, ensuring timely resolution and root-cause analysis.
Drive internal security training and foster a culture of security awareness across the company.
What You Bring
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Security, or a related field, with 4+ years of experience in application or product security.
Hands-on experience performing security code reviews, threat modeling, and vulnerability assessments.
Practical experience with AppSec tools such as Aikido, Snyk, or equivalents (e.g., GitHub Advanced Security, SonarQube).
Experience working with GRC tools like Vanta, Drata, Secureframe, or similar compliance platforms.
Strong understanding of modern security practices, including OWASP Top 10, secure SDLC, dependency management, and RBAC/authorization patterns.
Familiarity with DevOps environments, including CI/CD pipelines, containerization (Docker), orchestration (Kubernetes), and cloud services (AWS, GCP, or Azure).
Experience performing incident response, log analysis, and security monitoring.
Proficiency with Git, documentation tools (Confluence), and project management systems (Jira).
Excellent communication skills and the ability to collaborate across engineering, compliance, and operations teams.
Bonus: Experience with infrastructure-as-code security (Terraform, Pulumi).
Bonus: Certifications such as OSCP, OSWE, CISSP, or CSSLP.
Bonus: Experience leading penetration testing efforts or coordinating with third-party security assessors.
Bonus: Exposure to regulated environments (SOC 2, HIPAA, GDPR, ISO 27001).
Why Join Us
A dynamic work environment with an international team, where collaboration and diversity thrive.
Work alongside top security-minded engineers committed to building safe, resilient technology.
Hybrid work model offering flexibility to balance professional and personal life.
Comprehensive private health coverage to support your physical and mental well-being.
Company-sponsored premium gym membership to help you stay active.
Pet-friendly office in Barcelona with beautiful beach views.
Coffee, tea, beverages, and snacks available to keep you energized throughout the day.
Regular company events to celebrate milestones and strengthen team culture.
A MacBook and all necessary security tools to empower your best work.