Job Specifications
About Nabla
We are a team of entrepreneurs, clinicians and engineers committed to bringing back joy to the practice of medicine.
Together with a community of clinician innovators, we’ve harnessed the best of machine learning science to develop Nabla: the leading AI assistant that’s restoring the human connection at the heart of healthcare. By streamlining clinical documentation, Nabla is helping clinicians focus on what matters most: patient care. Today, over 85,000 clinicians across 130+ healthcare organizations trust Nabla to support how they deliver care every day.
We’re at the start of an ambitious journey: Ambient listening, dictation, coding, and command capabilities are all converging into a proactive assistant that intuitively streamlines clinical and financial workflows.
Backed by a recent $70M Series C, we’re hiring to build the next generation of clinical AI and improve the lives of clinicians and patients everywhere.
This is a great time to join us!
The best of AI at the service of healthcare
Nabla’s phenomenal traction is the result of 3 years of diligent product development.
Led by former Meta AI Research engineers, our team has consistently anticipated how AI can revolutionize healthcare delivery. Our Machine Learning team continually leverages the latest advancements to unlock AI’s full potential in healthcare.
Yann LeCun, Meta’s Chief AI Scientist and Turing award winner, is an advisor to Nabla.
Engineering at Nabla
Engineering at Nabla is lean, fast-moving, and deeply technical. Our teams span machine learning, native desktop applications, and platform infrastructure to deliver AI into clinical settings reliably and at scale.
We are looking for a hands-on lead security engineer to own the technical side of our security program. You’ll partner with our Head of Information Security and Head of IT to build and operate a best-in-class infrastructure and application security function. Our SaaS is fully hosted on Google Cloud and handles highly sensitive healthcare data, so security is core to everything we do.
This role is ideal for a senior security engineer or manager who wants to take ownership and build a security engineering function from the ground up in a fast-scaling startup environment.
Your Team
You will report to the CTO and work closely with the Head of Security, Engineering Managers, and Operations. This is a high-trust, high-ownership role with broad cross-functional exposure.
What You’ll Do
Infrastructure Security
Harden our Google Cloud infrastructure (network, firewalls, proxies, IAM policies, service controls)
Deploy and manage web application firewalls, DDoS protection, intrusion detection / prevention systems
Ensure security architecture aligns with healthcare compliance requirements (HIPAA, SOC 2, ISO 27001, GDPR)
Assess and mitigate security risks related to AI workflows and sensitive data processing pipelines
Application Security
Define and enforce authentication & authorization strategies for customer-facing applications (OAuth, SAML/SCIM support, least privilege) in collaboration with IT for internal identity and SSO management
Integrate security into the SDLC: SAST, DAST, dependency scanning, IaC scanning, container scanning, and CI/CD pipeline hardening
Conduct threat modeling and security reviews for new features and system designs
Establish and maintain secure coding guidelines
Monitor vulnerabilities and track remediation
External Partnerships
Support relationships with pentesting firms, security assessors, and red-teaming partners
Operate vulnerability disclosure and bug bounty programs
Support incident response including forensic analysis
Security Operations (SecOps)
Select, deploy, and manage security tools (SIEM, SOAR, log aggregation) to efficiently detect, investigate, and respond to threats, in collaboration with IT for endpoint protection (EDR/MDM).
Build incident detection and response playbooks and continuously improve response capabilities
Monitor and triage security alerts, collaborating with engineering and IT on incident resolution
Data Protection
Ensure encryption at rest and in transit with secure key management (KMS, HSM)
Implement data minimization, tokenization, and pseudonymization strategies where appropriate
Maintain detailed audit trails and logging for sensitive data access, and implement data loss prevention (DLP) controls where applicable, in line with HIPAA/GDPR requirements
Cross-functional Collaboration & Culture
Partner with the Head of Information Security (compliance & governance) to align technical controls with SOC 2, ISO 27001, HIPAA, and GDPR requirements
Work with the Head of IT on endpoint security, vendor security, and access management
Foster a culture of secure development, running workshops and sharing best practices with engineering teams
Your DNA
6–10+ years in security engineering roles (infrastructure, application, or cloud security)
Hands-on experience with Google Cloud security stack (IAM,