Director of Product Security at Abridge, defining and driving product security strategy. Leading security assurance, proactive risk reduction, and maintaining a world-class security posture in a hybrid environment.
Responsibilities
Product Security Strategy: Define and continuously evolve the long-term Product Security strategy, ensuring alignment with Abridge.ai's business goals and technological advancements.
Security Roadmap Ownership: Own the creation and execution of the Product Security roadmap, including security features, SDLC enhancements, threat modeling initiatives, and overall risk reduction milestones.
Financial Oversight: Manage the Product Security budget, including forecasting security tool expenditures, vendor contracts, and personnel resource allocation.
Metric-Driven Management: Define, track, and report on key performance indicators (KPIs) and security metrics to measure the effectiveness of all security programs and provide data-driven insights to leadership.
Impact Analysis: Conduct regular impact analysis (ROI) of security investments and lead time/cost-reduction efforts. Translate complex security risks into clear business risk terms to justify strategic initiatives.
Lead and Mentor: Serve as a motivating people leader for a growing team of Security Engineers and Analysts, providing career development, mentorship, and regular performance feedback.
Strategy and Scaling: Define and execute on goals in a hypergrowth AI company, focusing on enabling secure AI development and deployment globally.
Security Industry Engagement: Actively participate in and be a thought leader for the security industry by giving talks at conferences, publishing papers, hosting forums, etc.
Multi-Cloud Strategy: Define the security architecture and strategy for our cloud environments (GCP, AWS, Azure, etc.).
Containerization Security: Lead the implementation of security controls for containerized applications, with a deep focus on securing Kubernetes clusters, including network policies and secrets management.
IaC Security: Implement security guardrails within Infrastructure as Code (e.g., Terraform) to ensure all cloud resources are provisioned securely.
Integrate Security: Partner with Engineering and Product leadership to embed security processes into the Software Development Lifecycle (SDLC).
Security Practices: Develop and oversee secure coding practices, security architecture reviews, and static/dynamic code analysis practices across all applications.
Vulnerability Management: Direct the vulnerability management and penetration testing programs, ensuring comprehensive coverage and rapid, prioritized remediation of findings.
Data Protection: Lead the data security program, focusing on the protection, encryption, and access controls for highly sensitive patient data (PII, PHI, AI models, etc.).
AI/ML Security: Establish security engineering practices for our AI/ML models and pipeline, including model integrity, adversarial attack prevention, model red-teaming, securing agentic AI, etc.
Requirements
Experience: 10+ years of progressive experience in security, with a minimum of 10 years leading security teams, programs, or large-scale initiatives in a senior leadership capacity.
Business Acumen: Demonstrated experience running security as a business unit, including budget management, strategic forecasting, and translating technical risk into business impact (ROI).
Engineering Proficiency: Must be proficient, at an engineering level, in one or more general-purpose programming languages. Experience with Python and/or NextJS is a significant plus.
Cloud Expertise: Deep technical expertise in securing at least one major cloud platform (GCP, AWS, or Azure) and demonstrable experience with modern cloud security principles and tools.
Containerization: Mandatory expertise in securing container orchestration technologies, specifically Kubernetes.
Industry Knowledge: Proven experience securing products (enterprise SaaS, cloud environments) handling highly sensitive data, such as Protected Health Information (PHI), with specific knowledge of NIST 800-53 / 800-171, FedRAMP, HIPAA, NIS2 and other relevant security and privacy regulations and frameworks.
Communication: Exceptional communication and presentation skills, with the ability to convey complex security issues and technical risks to both technical and non-technical audiences, including executives, customers, government agencies, and board members.
Benefits
Generous Time Off: 14 paid holidays, flexible PTO for salaried employees, and accrued time off for hourly employees.
Comprehensive Health Plans: Medical, Dental, and Vision coverage for all full-time employees and their families.
Generous HSA Contribution: If you choose a High Deductible Health Plan, Abridge makes monthly contributions to your HSA.
Paid Parental Leave: Generous paid parental leave for all full-time employees.
Family Forming Benefits: Resources and financial support to help you build your family.
401(k) Matching: Contribution matching to help invest in your future.
Personal Device Allowance: Tax-free funds for personal device usage.
Pre-tax Benefits: Access to Flexible Spending Accounts (FSA) and Commuter Benefits.
Lifestyle Wallet: Monthly contributions for fitness, professional development, coworking, and more.
Mental Health Support: Dedicated access to therapy and coaching to help you reach your goals.
Sabbatical Leave: Paid Sabbatical Leave after 5 years of employment.
Compensation and Equity: Competitive compensation and equity grants for full-time employees.
Senior AppSec Engineer optimizing application security controls in Flutter's development ecosystem. Managing SAST/SCA tools and conducting vulnerability analyses in a hybrid work environment.
Senior Lead Information Security Office Consultant at Capital One, consulting on initiatives to enhance Information Security. Collaborating with technology teams to manage cyber security risks and ensure data protection.
QSE safety internship to revise the Document Unique d’Évaluation des Risques Professionnels (the single occupational risk assessment document). Supporting the QSE Manager on various structuring projects.
Senior Security Data Scientist developing innovative AI solutions for security challenges at Desjardins Group. Collaborating on data analysis and monitoring initiatives to enhance security posture.
Cybersecurity Manager leading corporate-level cybersecurity strategy in hybrid DoW and commercial sectors. Responsible for securing space systems and managing risk across various platforms.
Program Security Officer overseeing security operations for T2S Solutions supporting classified satellite and mission operations. Managing compliance with DoD and Intelligence Community security requirements, enabling effective operations.
On Call Security Officer ensuring campus safety at Whitman College by patrolling and managing emergency situations. Temporary role requiring flexibility for night and weekend shifts.
Cyber Security Engineer at TechSeed, working on security solutions within connected ecosystems in Göteborg. Collaborating with clients on secure development frameworks and practices.
Senior Cyber Security Consultant at TechSeed focusing on tailored security strategies and risk management. Collaborating with clients to ensure security compliance and best practices in cyber security.
Director of Cybersecurity leading Brixmor's comprehensive cybersecurity strategy and managing high-performing teams. Overseeing cyber risk management and compliance in real estate and retail sectors.