NMDP · 16 hours ago
Senior Information Security Engineer
NMDP is seeking a Senior Information Security Engineer responsible for designing, implementing, and improving technical security controls for internally developed applications. This hands-on role involves conducting secure code reviews, leading threat modeling, and collaborating with various teams to embed security into development practices.
Tags: Medical Device, Healthcare, Health Care, Health Diagnostics, Medical
Responsibilities
Perform secure code reviews for internally developed applications and services, identifying vulnerabilities, insecure patterns, and design flaws; provide clear remediation guidance and verification
Lead application security assessments across the SDLC, including design reviews, threat modeling, security requirements definition, and pre-release security sign-off criteria
Support driving vulnerability management for application findings by prioritizing risk, defining remediation plans, tracking progress, and validating fixes
Establish and maintain secure coding standards, reusable security patterns, and developer guidance for the organization; provide coaching and enablement to engineering teams
Perform security reviews of AI/ML solutions, including data ingestion pipelines, feature stores, model training workflows, model artifact handling, and inference/serving services
Define and validate guardrails for AI/ML features (input/output handling, access controls, content filtering, secret protection, environment separation)
Work collaboratively with development, DevOps, QA, and infrastructure teams to integrate security controls into CI/CD pipelines and application architectures
Support the ongoing maturity of the Information Security program through focused process improvements
Maintain up-to-date knowledge of application security frameworks, DevSecOps methodologies, and relevant laws, regulations, and industry standards (e.g., OWASP, NIST, PCI DSS)
Manage and remediate application vulnerabilities by guiding secure coding practices, code review, automated static/dynamic analysis, and penetration testing
Participate in the evaluation of vendor proposals, conduct process analysis, review information security architectures, and recommend modifications to reduce costs or improve service
Research, recommend, and implement application security solutions and tools (e.g., SAST, DAST, SCA, CSPM, etc.) to proactively identify and mitigate risks throughout the SDLC
Conduct and document application security procedures, including secure code review, vulnerability management, metrics reporting, and secure deployment practices
Assist in the development, implementation, and ongoing maintenance of IT security and control infrastructures
Manage and maintain application-centric security systems and technologies, such as WAF, DAST, SAST, CSPM, and IaC scanning
Coordinate and conduct security impact analysis in conjunction with change management, security operations, and business continuity processes
Coordinate and conduct system and application security reviews throughout all phases of the life cycle to protect NMDP data, focusing on confidentiality, integrity, and availability
Support efforts to ensure the systems security program remains compliant with required regulations
Support and report on security-related audits to ensure actual practices comply with system security programs
Perform system security administration tasks, including monitoring and correlating security events
Collaborate with technical counterparts on implementation of security technologies and application security
Maintain current knowledge of the latest cybersecurity threats, trends, and technologies
Centrally monitor critical systems and respond to security events according to established procedures and experience
Oversee incident response and risk assessments to support threat mitigation, coordinate with vendors, and facilitate security-related incident response planning
Investigate, document, and recommend corrective actions for information security incidents
Respond to security incident alarms on a rotating, 24x7 schedule
Perform other duties as assigned
Qualification
Required
Knowledge of secure software development practices, secure software architecture principles, and common vulnerability classes with demonstrated ability to translate findings into practical engineering fixes
Knowledge of cloud-native, containerized, and serverless security concepts; particularly AWS IAM and event-driven architectures
Demonstrated understanding of secure application development, DevSecOps practices, and application security technologies (e.g., SAST, DAST, SCA, container security)
Knowledge of AI/ML security concepts relevant to internal AI development (data governance, model/inference service security, and common AI threat scenarios). Equivalent demonstrated experience securing complex systems with the ability to quickly build AI security depth is acceptable
Demonstrated experience with one or more of the following: Application Vulnerability Management, Identity and Access Management, and Data Loss Prevention process development, technical analysis, and supporting technologies
Demonstrated understanding of forensic investigations, data recovery, and the handling of digital evidence
Ability to develop, implement, and maintain new or maturing security systems, protocols, and processes within a complex organization
Ability to conduct security reviews and identify potential vulnerabilities and improvements in security design
Demonstrated excellent interpersonal skills in areas such as collaborative co-development, teamwork, facilitation, and negotiation
Excellent planning and organizational skills. An attitude of positive determination and accountability
Demonstrated strong troubleshooting and analytical skills
Able to work both independently and collaboratively in a demanding environment
Maintain extreme confidentiality of sensitive information
Bachelor's degree in computer science, management information systems, or related field. Four years work experience in the areas of information security, systems or network administration, programming, or systems analysis may be substituted for a degree
Seven (7) or more years of experience in information security, software engineering, DevSecOps, SRE/Platform Engineering, or a closely related field
At least four (4) years of direct application security experience, including hands-on secure code review and vulnerability remediation guidance
Preferred
Strong programming and code review capability in languages commonly used for internal services (e.g., Python and one of: TypeScript/JavaScript, Java, Go)
Experience with AI/ML security reviews, LLM-enabled applications, or MLOps/LLMOps controls
Familiarity with recognized security frameworks and guidance relevant to app and AI security
CISSP, OWASP, GIAC, or CISM certification strongly desired
Benefits
Medical
Dental
Vision
Life and disability
Accident/critical illness/hospital
Well-being
Legal
Identity theft
Pet benefits
Retirement
Paid time off/holidays
Leave
Incentive plans
Company
NMDP
NMDP is a non-profit organization that specializes in cell therapy, offering treatments and cures for blood cancer and disorders.
Funding
Current Stage: Late Stage
Recent News
2026-01-11
Company data provided by crunchbase