Senior/Staff Application Security Engineer

Senior/Staff Application Security Engineer ABOUT ABRIDGE Abridge was founded in 2018 with the mission of powering deeper understanding in healthcare. Our AI-powered platform was purpose-built for medical conversations, improving clinical documentation efficiencies while enabling clinicians to focus on what matters most—their patients. Our enterprise-grade technology transforms patient-clinician conversations into structured clinical notes in real-time, with deep EMR integrations. Powered by Linked Evidence and our purpose-built, auditable AI, we are the only company that maps AI-generated summaries to ground truth, helping providers quickly trust and verify the output. As pioneers in generative AI for healthcare, we are setting the industry standards for the responsible deployment of AI across health systems. We are a growing team of practicing MDs, AI scientists, PhDs, creatives, technologists, and engineers working together to empower people and make care make more sense. We have offices located in the Mission District in San Francisco, the SoHo neighborhood of New York, and East Liberty in Pittsburgh. THE ROLE Want to work on building out security from the ground up at the leading edge of AI in healthcare globally? We're looking for a very experienced and highly motivated Senior or Staff Application Security Engineer to join our team as one of the first engineers on the Abridge Security team. In this role, you'll be a key technical leader, driving key initiatives that shape our product, infrastructure, and engineering practices. Impact both the vision and hands-on execution of our secure software development lifecycle (SDLC) across the entire product portfolio. You'll work cross-functionally with product and engineering teams to integrate security seamlessly, automate security capabilities and controls, and mentor others to build secure-by-default systems at scale in the age of AI. This position requires deep technical expertise, a builder's mindset, and excellent communication skills to influence security culture across the organization. WHAT YOU’LL DO SECURE DEVELOPMENT & ARCHITECTURE LEADERSHIP - Lead Threat Modeling and Design Reviews: Impact the product from ideation through to code that is shipping to production. Conduct advanced threat modeling and security architecture reviews for complex systems, new products, and platform initiatives, providing expert guidance and requirements to meet Abridge’s security goals. - Define Security Strategy: Define and implement the technical roadmap for the Application Security program, focusing on scalable assurance, proactive security measures, and setting clear standards and guardrails. - Mentor and Enable: Act as a subject matter expert and trusted advisor to product and engineering teams, providing mentorship on security features, product defense, secure coding practices, application architecture, and vulnerability remediation strategies. - Conduct Training & Awareness: Develop training materials for engineers to build a foundation of security best practices across the engineering organization. VULNERABILITY MANAGEMENT & INCIDENT RESPONSE - Code and Security Reviews: Perform and lead in-depth secure code reviews (both manual and tool-assisted) to identify complex security vulnerabilities and flaws, including logic and authorization vulnerabilities that automated tools often miss. Get hands on with assessing AI models, agents, and architectures. - Internal Penetration Testing: Lead internal penetration testing engagements for net new products and historical systems identify security risks across our environment. - Vulnerability Program Oversight: Design and enhance the end-to-end vulnerability management program for Abridge’s products and applications, ensuring timely identification, prioritization, and remediation of critical security issues while doing so in as developer-friendly a way as possible. - Security Incident Response: Serve as an expert on Abridge’s p ... (truncated, view full listing at source)