Job Closed
This listing is no longer active.
We save lives through cell therapy.
Senior Information Security Engineer
Location
United States
Posted
97 days ago
Salary
$105K - $130K / year
Seniority
Senior
Job Description
NMDP
POSITION SUMMARY:

The Sr Information Security Engineer is responsible for designing, implementing, and continuously improving the technical security controls that protect internally developed applications, including cloud systems, containerized, and serverless workloads. This role is a hands-on application security specialist who performs deep secure code reviews, leads threat modeling, and drives remediation of complex vulnerabilities across the SDLC. Collaborating with other technical teams, this role ensures secure application development, deployment, and operation by assessing maturity, defining security requirements and guardrails, and delivering prioritized recommendations to improve pipeline controls, tooling, and integrations within the DevSecOps pipeline. Key responsibilities include conducting application security assessments, guiding secure software development practices, and advancing the maturity of application security capabilities. The Information Security Engineer partners with development, operations, and security teams to embed security into development practices and responds as a subject matter expert during application-related security incidents.

ACCOUNTABILITIES:

Application Security Engineering
• Perform secure code reviews for internally developed applications and services, identifying vulnerabilities, insecure patterns, and design flaws; provide clear remediation guidance and verification.
• Lead application security assessments across the SDLC, including design reviews, threat modeling, security requirements definition, and pre-release security sign-off criteria.
• Support driving vulnerability management for application findings by prioritizing risk, defining remediation plans, tracking progress, and validating fixes.
• Establish and maintain secure coding standards, reusable security patterns, and developer guidance for the organization; provide coaching and enablement to engineering teams.
• Perform security reviews of AI/ML solutions, including data ingestion pipelines, feature stores, model training workflows, model artifact handling, and inference/serving services.
• Define and validate guardrails for AI/ML features (input/output handling, access controls, content filtering, secret protection, environment separation)
• Work collaboratively with development, DevOps, QA, and infrastructure teams to integrate security controls into CI/CD pipelines and application architectures.
• Support the ongoing maturity of the Information Security program through focused process improvements.
• Maintain up-to-date knowledge of application security frameworks, DevSecOps methodologies, and relevant laws, regulations, and industry standards (e.g., OWASP, NIST, PCI DSS).
• Manage and remediate application vulnerabilities by guiding secure coding practices, code review, automated static/dynamic analysis, and penetration testing.
• Participate in the evaluation of vendor proposals, conduct process analysis, review information security architectures, and recommend modifications to reduce costs or improve service.
• Research, recommend, and implement application security solutions and tools (e.g., SAST, DAST, SCA, CSPM, etc.) to proactively identify and mitigate risks throughout the SDLC.

Security Operations
• Conduct and document application security procedures, including secure code review, vulnerability management, metrics reporting, and secure deployment practices.
• Assist in the development, implementation, and ongoing maintenance of IT security and control infrastructures.
• Manage and maintain application centric security systems and technologies, such as WAF, DAST, SAST, CSPM, and IaC scanning.
• Coordinate and conduct security impact analysis in conjunction with change management, security operations, and business continuity processes.
• Coordinate and conduct system and application security reviews throughout all phases of the life cycle to protect NMDP data, focusing on confidentiality, integrity, and availability.
• Support efforts to ensure the systems security program remains compliant with required regulations.
• Support and report on security-related audits to ensure actual practices comply with system security programs.
• Perform system security administration tasks, including monitoring and correlating security events.
• Collaborate with technical counterparts on implementation of security technologies and application security.
• Maintain current knowledge of the latest cybersecurity threats, trends, and technologies.

Security Response
• Centrally monitor critical systems and respond to security events according to established procedures and experience.
• Oversee incident response and risk assessments to support threat mitigation, coordinate with vendors, and facilitate security related incident response planning.
• Investigate, document, and recommend corrective actions for information security incidents.
• Respond to security incident alarms on a rotating, 24x7 schedule.
• Perform other duties as assigned.

REQUIRED QUALIFICATIONS:

Knowledge of:
• Secure software development practices, secure software architecture principles, and common vulnerability classes with demonstrated ability to translate findings into practical engineering fixes.
• Cloud-native, containerized, and serverless security concepts; particularly AWS IAM and event-driven architectures.
• Demonstrated understanding of secure application development, DevSecOps practices, and application security technologies (e.g., SAST, DAST, SCA, container security).
• AI/ML security concepts relevant to internal AI development (data governance, model/inference service security, and common AI threat scenarios). Equivalent demonstrated experience securing complex systems with the ability to quickly build AI security depth is acceptable.
• Demonstrate experience with one or more of the following: Application Vulnerability Management, Identity and Access Management, and Data Loss Prevention process development, technical analysis and supporting technologies.
• Demonstrate understanding in forensic investigations, data recovery and the handling of digital evidence.

Ability to:
• Develop, implement, and maintain new or maturing security systems, protocols, and processes within a complex organization.
• Conduct security reviews and identify potential vulnerabilities and improvements in security design.
• Demonstrate excellent interpersonal skills in areas such as collaborative co-development, teamwork, facilitation, and negotiation.
• Excellent planning and organizational skills. An attitude of positive determination and accountability.
• Demonstrate strong troubleshooting and analytical skills.
• Able to work both independently and collaboratively in a demanding environment.
• Maintain extreme confidentiality of sensitive information.

Education and/or Experience:
• Bachelor’s degree in computer science, management information systems, or related field. Four years work experience in the areas of information security, systems or network administration, programming, or systems analysis may be substituted for a degree.
• Seven (7) or more years of experience in information security, software engineering, DevSecOps, SRE/Platform Engineering, or a closely related field.
• At least four (4) years of direct application security experience, including hands-on secure code review and vulnerability remediation guidance.

PREFERRED QUALIFICATIONS: (Additional qualifications that may make a person even more effective in the role, but are not required for consideration)
• Strong programming and code review capability in languages commonly used for internal services (e.g., Python and one of: TypeScript/JavaScript, Java, Go).
• Experience with AI/ML security reviews, LLM-enabled applications, or MLOps/LLMOps controls.
• Familiarity with recognized security frameworks and guidance relevant to app and AI security.
• Having CISSP, OWASP, GIAC, or CISM certification strongly desired.

NMDP offers regular, full-time employees medical, dental, vision, life and disability, accident/critical illness/hospital, well-being, legal, identity theft and pet benefits. Retirement, paid time off/holidays, leave and incentive plans are also offered to eligible employees. Please reference this link for more information: NMDP Benefit Information
