Role Description Join Airtable as a Product Security Engineer and play a pivotal role in shaping the security of our rapidly evolving platform as we expand our AI and LLM-powered offerings. You will join the team responsible for safeguarding the application layer of Airtable’s platform. You will partner closely with product engineering teams to build paved roads, frameworks, and automated controls that make the secure path the easy path for our engineering teams. You will help influence application security at scale, ensuring our products are secure by design. What you'll do - Develop self-service security frameworks and "paved roads" that allow engineering teams to ship secure code by default. - Focus on automated guardrails for common vulnerabilities, while prioritizing deep-dive design reviews into complex business logic and data isolation issues (for example, multi-tenant isolation and authorization/permission bypasses) that automated tools cannot catch. - Partner with product and engineering teams to review designs early, contribute to threat modeling for new features and complex initiatives, and provide clear, actionable security guidance. - Research emerging threats and evolving best practices, specifically regarding AI and LLM safety, and implement controls to secure these workflows. - Manage and evolve our approach to external penetration testing and bug bounties, driving remediation for findings and treating vulnerability management as an engineering problem. - Contribute to the long-term roadmaps, metrics, and strategic planning for the security team. - Lead complex threat modeling sessions for major product launches and define secure coding standards, and actively mentor other engineers to raise the technical security bar across the organization. Qualifications - 4+ years of experience in product security or application security, with experience shipping production code. - Strong background in computer science or a related field, with proficiency in writing clean, maintainable code. - Deep familiarity with JavaScript or TypeScript, Node.js, and modern web application frameworks, and can reason about the security implications of systems built on them. - Hands-on experience securing LLM integrations and identifying prompt injection or data leakage risks. - Proficient in writing and reviewing code and treat security as an engineering problem to be solved with software, not just policies. - Excellent at communicating complex security risks to non-security stakeholders and enjoy collaborating cross-functionally to find solutions that balance security with engineering velocity. - Comfortable working in a fast-paced environment, navigating ambiguity, continuously learning about emerging threats and technologies, and contributing to long-term security strategy. Benefits - Opportunity to receive benefits and restricted stock units. - May include incentive compensation. Company Description Airtable is an equal opportunity employer. We embrace diversity and strive to create a workplace where everyone has an equal opportunity to thrive. We welcome people of different backgrounds, experiences, abilities, and perspectives. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status or any characteristic protected by applicable federal and state laws, regulations and ordinances.

• Define and execute the Business Units product security strategy aligned with FDA/MDR/524B expectations, and QMS requirements. • Lead and grow a global product security team, fostering collaboration that balances technical rigor with business needs. • Oversee security integration across medical devices, software, mobile applications, embedded devices, and cloud environments. • Partner with Regulatory, Quality, Legal, Privacy, and Commercial teams to ensure cybersecurity requirements are built into Class I, II, and III devices, supporting PMA and 510(k) submissions. • Champion secure SDLC, DevSecOps, SBOM generation/validation, and vulnerability management across device and software platforms. • Lead emerging technologies (AI and Quantum Cryptography) for medical devices and that will be impacted by cybersecurity. • Make internal and external policy recommendations to mitigate threats and vulnerabilities. • Lead post-market security activities including vulnerability disclosures, CAPAs, routine cyber patching, and incident response. • Operationalize implementation of J&J's enterprise level Product Security Quality Standards and framework throughout the MedTech portfolio of medical devices and supporting platforms. • Act as senior product security SME with customers, hospital IT/IS staff, and clinicians, translating technical requirements into clear business and clinical impact. • Represent product security in FDA and international regulatory inspections, reinforcing trust in our devices. • Advance Product Security J&J enterprise Governance and Quality efforts, including J&J Quality Standards for Product Security and ISRM Product Security Framework. • Lead product security Quality and Regulatory cyber efforts within J&J and through key industry forums (e.g., MDIC, AdvaMed, Health-ISAC) to drive alignment and industry collaboration. • Oversee centralized Product Security penetration testing function serving business unit product security teams to provide real-word risk identification and remediation across MedTech product portfolios. • Scaling scale centralized DevSecOps function serving business unit product security teams that integrate security tooling, secure development controls, and vulnerability management processes into CI/CD pipelines and engineering workflows.

Position Summary STR seeks a skilled Contractor Special Security Officer (CSSO) to lead and maintain compliance for Special Access Programs (SAP) and classified programs at our new Atlanta facility. The CSSO will serve as the primary point of contact for SAP/SCI programs and ensure adherence to all applicable security policies and standards. The CSSO will also perform secondary Facility Security Officer (FSO) duties in support of STR’s Industrial Security Program, overseeing compliance with NISPOM and federal security requirements. ________________________________________ Essential Duties and Responsibilities CSSO Responsibilities (Primary): • Maintain robust security posture and compliance for multiple classified/SAP programs in accordance with DoDM 5205.07, ICD 705, and IC/DOD security policies. • Serve as primary liaison for SAP/SCI program security requirements; partner with STR Program Management and Security disciplines. • Maintain accurate personnel security records in SIMS, JADE, and Scattered Castles. • Conduct self-inspections, support staff assistance visits and manage external/internal program security assessments. • Develop, review, and implement security policies, Standard Operating Procedures, Program Protection (P2), and OPSEC/transportation plans. • Oversee classified material accountability, including Top Secret material. • Write, interpret, and administer DD254s and program documentation. • Review operational requirements and system specifications for incorporation of security measures. • Interpret and apply security classification guidance for programs. • Investigate/document security incidents and implement corrective actions. • Provide security training: initial/refresher briefings, debriefings, and foreign travel briefings. • Attend and participate in security and program meetings. FSO Responsibilities (Secondary): • Ensure full compliance with NISPOM (32 CFR Part 117), FOCI, ITAR, and related government/contractual security requirements. • Oversee the stand-up and management of new cleared facilities, including FCL approval and classified builds. • Manage personnel clearances via DISS/NBIS, eQIP; handle onboarding, briefings, debriefings, and continuous vetting. • Support KMP requirements and maintain Facility Security Clearance (FCL) records. • Oversee physical security systems: access control, alarms, secure storage. • Oversee classified material receipt, storage, transmission, and destruction while maintaining accurate accountability records. • Prepare, issue, and track contract/subcontract DD254 forms. • Conduct annual self-inspections and prepare for DCSA vulnerability assessments. • Develop and deliver security training, including insider threat awareness. • Report security incidents, suspicious contacts, and foreign travel, compliant with federal policies. Required Qualifications • U.S. Citizenship required. • Active Top Secret security clearance with SAP/SCI eligibility. • Minimum 5 years of experience as a CSSO, FSO, or Alternate FSO in the defense industry. • Bachelor’s degree preferred, or equivalent relevant security experience. • Completion of DCSA STEPP FSO Program Management Curriculum. • Demonstrated knowledge of NISPOM, ICD 705, DoDM 5205.07, FOCI, ITAR, and relevant standards. • Proficiency in DISS, NBIS, NISS, eQIP, SIMS, JADE, Scattered Castles, and MS Office. • Experience in interpreting and implementing security classifications, contracts, and incident response/mitigation. • Successful completion of CDSE’s “Intro to SAPs.” • Strong written and oral communication skills; ability to discreetly/diplomatically manage sensitive and complex communications. Preferred Skills • Industrial Security Professional (ISP) or ASIS Certified Protection Professional (CPP) certification. • COMSEC Custodian and/or Insider Threat Program Officer (ITPSO) experience. • Experience in classified information technology and physical/technical security. Key Competencies • Strong independent judgment and compliance orientation. • Expertise in security policy interpretation and development. • Excellent verbal and written communication skills. • Ability to manage complex or sensitive communication scenarios. Physical Demands / Work Environment • Onsite position in Atlanta, GA. • Ability to stand, bend, move throughout the facility for audits/inspections. • Occasional travel (approx. 5–10%) as required. Pay Information Full-Time Salary Range: $125,000.00 to $155,000.00 The salary range listed is based on external market data. Offers are based on factors, such as but not limited to, the candidate’s experience, education, training, key skills/critical skills, security clearances, and prevailing market and business conditions. STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us. STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer. STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info. STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws. If you need a reasonable accommodation for any portion of the employment process, email us at appassist@str.us and provide your contact info. Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.

• Define and execute the Business Units product security strategy aligned with FDA/MDR/524B expectations, and QMS requirements. • Lead and grow a global product security team, fostering collaboration that balances technical rigor with business needs. • Oversee security integration across medical devices, software, mobile applications, embedded devices, and cloud environments • Partner with Regulatory, Quality, Legal, Privacy, and Commercial teams to ensure cybersecurity requirements are built into Class I, II, and III devices, supporting PMA and 510(k) submissions. • Champion secure SDLC, DevSecOps, SBOM generation/validation, and vulnerability management across device and software platforms. • Lead emerging technologies (AI and Quantum Cryptography) for medical devices and that will be impacted by cybersecurity. • Make internal and external policy recommendations to mitigate threats and vulnerabilities. • Lead post-market security activities including vulnerability disclosures, CAPAs, routine cyber patching, and incident response. • Operationalize implementation of J&J's enterprise level Product Security Quality Standards and framework throughout the MedTech portfolio of medical devices and supporting platforms • Act as senior product security SME with customers, hospital IT/IS staff, and clinicians, translating technical requirements into clear business and clinical impact. • Represent product security in FDA and international regulatory inspections, reinforcing trust in our devices. • Advance Product Security J&J enterprise Governance and Quality efforts, including J&J Quality Standards for Product Security and ISRM Product Security Framework. • Lead product security Quality and Regulatory cyber efforts within J&J and through key industry forums (e.g., MDIC, AdvaMed, Health-ISAC) to drive alignment and industry collaboration. • Oversee centralized Product Security penetration testing function serving business unit product security teams to provide real-word risk identification and remediation across MedTech product portfolios. • Scaling centralized DevSecOps function serving business unit product security teams that integrate security tooling, secure development controls, and vulnerability management processes into CI/CD pipelines and engineering workflows.