Posted Yesterday
Senior Security Engineer
at Nabla Bio
Hybrid
Responsibilities
- Build detection-as-code: grow the first high-signal rules into a versioned, peer-reviewed rule set (Sigma / YARA-L / scheduled queries) mapped to MITRE ATT&CK and tuned hard against false positives.
Requirements
- Together with a community of clinician innovators, we’ve harnessed the best of machine learning science to develop Nabla: the leading AI assistant that’s restoring the human connection at the heart of healthcare.
- Backed by a recent $70M Series C, we’re hiring to build the next generation of clinical AI and improve the lives of clinicians and patients everywhere.
- This is a great time to join us!
- THE BEST OF AI AT THE SERVICE OF HEALTHCARE
- Nabla’s phenomenal traction is the result of 3 years of diligent product development.
- Led by former Meta AI Research engineers, our team has consistently anticipated how AI can revolutionize healthcare delivery.
- Our Machine Learning team continually leverages the latest advancements to unlock AI’s full potential in healthcare.
- Yann LeCun, Meta’s Chief AI Scientist and Turing award winner, is an advisor to Nabla.
- It has a strong SOC/SIEM core but it is deliberately a security engineer role, not a pure SOC analyst role: you'll regularly cross into application, platform/cloud and corporate security, and you'll own problems end-to-end rather than hand them off.
- WHAT YOU’LL DO
- Detection & Response — your core focus
- Own our SIEM-of-record end-to-end; take it from deployed to operated: finish and harden log-source onboarding (GCP audit logs, Okta, Google Workspace, GitHub, endpoint telemetry) and own normalization, ingest health and the operating rhythm.
- Secure the CI/CD pipeline and SDLC (SAST, dependency and secrets scanning, supply-chain controls) and contribute to threat modeling of new features, including our AI/LLM surfaces.
- Corporate Security (with IT)
- Strengthen the identity plane with IT — Okta policy hardening, phishing-resistant MFA (FIDO2/passkeys), SSO/SCIM coverage, joiner-mover-leaver automation — and route EDR and email-security telemetry into your detections.
- experience in detection engineering, SOC or incident response.
- Proven experience writing detection rules as code (Sigma, YARA-L or equivalent) and tuning them in production.
- Python automation (event pipelines, alert enrichment, BigQuery) and Terraform
- Incident response and forensics fundamentals; comfortable moving between an IAM review, a CI hardening PR and an Okta policy change
- Excellent communication in English; able to work cross-functionally with engineering, compliance and IT.
- GKE Autopilot & admission controllers, SIEM operations (Google SecOps / Elastic / Panther), or experience in healthcare / another regulated industry is a plus.
- We firmly believe that by prioritizing your well-being, we support you to excel in your work. Here are the
- We come to work excited to leverage AI to do more for clinicians.
- We consistently look for ways to improve and do not shy away from doing the work to excel.
- Every day is a new chance to excel
- We aim for nothing less than the best and are willing to put in the effort and dedication required to exceed standards.
- Nabla does not accept unsolicited CVs from recruiters or employment agencies in response to the Nabla Careers page or a Nabla social media post.
- Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Nabla.
Experience
- YOUR DNA
- 5–8+ years in security engineering, including at least 2–3 years hands-on
Benefits
- benefits you get when joining Nabla:
- Stock ownership
- 100% healthcare coverage
- Meal vouchers
- Public transportation costs covered at 50%
- Exercise class during the workday: Yoga, running, pilates, HIIT
- Unlimited budget for book purchases, so you can continue to learn about IT, security, and leadership
- Culture of trust & accountability — your output matters more than your clock-in time
- LIFE AT NABLA
- When you become a part of our company, you join a team of excellence-driven, curious, and
- Together, we're committed to making clinicians' lives easier and improving healthcare experiences for everyone.
- We will never ask for the exchange of any money or credit card details during the recruitment process.
Contact
- If you’re contacted by a Nabla recruiter, please ensure whoever is contacting you truly represents Nabla and is utilizing a nabla.com email address.
- You can find more information at this link: https://consumer.ftc.gov/consumer-alerts/2023/05/scammers-are-hijacking-job-ads-heres-how-spot-fakes.
Additional details
- ABOUT NABLA
- We are a team of entrepreneurs, clinicians and engineers committed to bringing back joy to the practice of medicine.
- By streamlining clinical documentation, Nabla is helping clinicians focus on what matters most - patient care.
- We’re at the start of an ambitious journey: Ambient listening, dictation, coding, and command capabilities are all converging into a proactive assistant that intuitively streamlines clinical and financial workflows.
- You'll work directly with our Lead Security Engineer to build and run our detection & response capability from the ground up and to strengthen security well beyond it.
- If you're pragmatic and hands-on, love building systems from scratch, and want your work to protect patients' most sensitive data, this role is for you.
- YOUR TEAM
- We're building a dedicated security engineering team, and we're looking for an exceptional Senior Security Engineer | Detection & Response to be one of its founding members.
- Drive MTTD down to minutes on the attack paths that matter: identity abuse, service-account impersonation, bulk data access, CI/CD compromise.
- Incident response: rehearse playbooks, lead investigations and forensics, and support breach-notification workflows with the compliance team.
- Run the cloud-findings triage loop (Security Command Center / CNAPP)
- Platform, Cloud & Application Security
- Harden our Google Cloud estate (IAM least privilege, org policies, VPC Service Controls, GKE security, Cloud Armor) and codify everything in Terraform.
- WHY JOIN US
- Opportunity to build and shape the security engineering function from scratch
- Work on meaningful challenges in healthcare, where protecting data is protecting lives
- WHERE YOU’LL BE BASED
- Our offices are based in Paris 3e (Arts & Métiers).