Lead Security Engineer

We are a team of entrepreneurs, clinicians and engineers committed to bringing back joy to the practice of medicine. Together with a community of clinician innovators, we've harnessed the best of machine learning science to develop Nabla: the leading AI assistant that's restoring the human connection at the heart of healthcare. By streamlining clinical documentation, Nabla is helping clinicians focus on matters most—patient care. Today, over 85,000 clinicians across 130+ healthcare organizations trust Nabla to support how they deliver care every day. We're at the start of an ambitious journey: Ambient listening, dictation, coding, and command capabilities are all converging into a proactive assistant that intuitively streamlines clinical and financial workflows. Backed by a recent $70M Series C, we're hiring to build the next generation of clinical AI and improve the lives of clinicians and patients everywhere. This is a great time to join us!

Nabla's phenomenal traction is the result of 3 years of diligent product development. Led by former Meta AI Research engineers, our team has consistently anticipated how AI can revolutionize healthcare delivery. Our Machine Learning team continually leverages the latest advancements to unlock AI's full potential in healthcare. Yann LeCun, Meta's Chief AI Scientist and Turing award winner, is an advisor to Nabla.

Engineering at Nabla is lean, fast-moving, and deeply technical. Our teams span machine learning, native desktop applications, and platform infrastructure to deliver AI into clinical settings reliably and at scale. We are looking for a hands‑on lead security engineer to own the technical side of our security program. You'll partner with our Head of Information Security and Head of IT to build and operate a best‑in‑class infrastructure and application security function. Our SaaS is fully hosted on Google Cloud and handles highly sensitive healthcare data, so security is core to everything we do. This role is ideal for a senior security engineer or manager who wants to take ownership, and build a security engineering function from the ground up in a fast‑scaling startup environment.

You will report to the CTO and work closely with the Head of Security, Engineering Managers, and Operations. This is a high‑trust, high‑ownership role with broad cross‑functional exposure.

• Harden our Google Cloud infrastructure (network, firewalls, proxies, IAM policies, service controls)
• Deploy and manage web application firewalls, DDoS protection, intrusion detection / prevention systems
• Ensure security architecture aligns with healthcare compliance requirements (HIPAA, SOC 2, ISO 27001, GDPR)
• Assess and mitigate security risks related to AI workflows and sensitive data processing pipelines

• Define and enforce authentication & authorization strategies for customer‑facing applications (OAuth, SAML/SCIM support, least privilege) in collaboration with IT for internal identity and SSO management
• Integrate security into the SDLC: SAST, DAST, dependency scanning, IaC scanning, container scanning, and CI/CD pipeline hardening
• Conduct threat modeling and security reviews for new features and system designs
• Establish and maintain secure coding guidelines
• Monitor vulnerabilities and track remediation

• Support relationships with pentesting firms, security assessors, and red‑teaming partners
• Operate vulnerability disclosure and bug bounty programs
• Support incident response including forensic analysis

• Select, deploy, and manage security tools (SIEM, SOAR, log aggregation) to efficiently detect, investigate, and respond to threats, in collaboration with IT for endpoint protection (EDR/MDM).
• Build incident detection and response playbooks and continuously improve response capabilities
• Monitor and triage security alerts, collaborating with engineering and IT on incident resolution

• Ensure encryption at rest and in transit with secure key management (KMS, HSM)
• Implement data minimization, tokenization, and pseudonymization strategies where appropriate
• Maintain detailed audit trails and logging for sensitive data access, and implement data loss prevention (DLP) controls where applicable, in line with HIPAA/GDPR requirements

• Partner with the Head of Information Security (compliance & governance) to align technical controls with SOC 2, ISO 27001, HIPAA, and GDPR requirements
• Work with the Head of IT on endpoint security, vendor security, and access management
• Foster a culture of secure development, running workshops and sharing best practices with engineering teams

• 6‑10+ years in security engineering roles (infrastructure, application, or cloud security)
• Hands‑on experience with Google Cloud security stack (IAM, VPC, Shielded VMs, Cloud Armor, etc.)
• Proven track record deploying and managing modern security tools (EDR, SIEM, IDS/IPS, WAF)
• Strong understanding of modern web application security (authN/authZ, OWASP Top 10, CSP, API security)
• Experience with secure SDLC practices (CI/CD pipeline scanning, SAST, DAST, IaC security)
• Excellent communicator able to work cross‑functionally with engineering, compliance, and IT
• Bonus: experience in regulated industries (healthcare, fintech, govtech)

• Security is mission‑critical - you'll have executive sponsorship and direct CTO partnership
• Opportunity to build and shape the security engineering function from scratch
• Work on meaningful challenges in healthcare, where protecting data is protecting lives

Our offices are based in Paris 3e (Arts & Métiers). Remote policy: Hybrid. Working Language: English.

• Stock ownership
• 100% healthcare coverage
• Meal vouchers
• Public transportation costs covered at 50%
• Exercise class during the workday: Yoga, running, pilates, HIIT
• Unlimited budget for book purchases, so you can continue to learn about IT, security, and leadership
• Culture of trust & accountability - your output matters more than your clock‑in time

When you become a part of our company, you join a team of excellence‑driven, curious, and genuinely kind individuals. Together, we're committed to making clinicians' lives easier and improving healthcare experiences for everyone. We believe in a world where clinicians can focus