Lead Security Engineer

Nabla

Paris office Onsite
Competitive
Full-time
Security Engineer

Job Description

Secure the Future of Healthcare with Nabla

Imagine using your cybersecurity expertise to protect the sensitive data of over 85,000 clinicians and their patients. At Nabla, that's exactly what you'll do. We're revolutionizing healthcare with AI, and we need a passionate and experienced Lead Security Engineer to help us build and maintain a world-class security posture.

Backed by a recent $70M Series C and guided by AI luminary Yann LeCun (Meta's Chief AI Scientist and Turing Award winner), we're at the forefront of clinical AI innovation. This is your chance to join a team of former Meta AI Research engineers and build the future of healthcare, one secure line of code at a time.

Why Nabla?

Impactful Work: Protect sensitive healthcare data and directly improve the lives of clinicians and patients.
Cutting-Edge Tech: Work with the latest AI technologies and cloud security tools in a fast-paced startup environment.
Build from the Ground Up: Take ownership of our security program and shape the security engineering function from scratch.
Executive Support: Collaborate directly with the CTO and Head of Information Security, with strong executive sponsorship for security initiatives.
Hybrid Environment: Enjoy the flexibility of a hybrid work environment, with offices based in the vibrant Arts & Métiers district of Paris.

The Mission: Your Impact

As our Lead Security Engineer, you will be the technical cornerstone of our security program, partnering with the Head of Information Security and Head of IT to safeguard our SaaS platform hosted on Google Cloud. Your mission is to build and operate a best-in-class infrastructure and application security function, ensuring the confidentiality, integrity, and availability of our data.

What You'll Tackle:
Infrastructure Security

Harden our Google Cloud infrastructure (network, firewalls, proxies, IAM policies, service controls).
Deploy and manage web application firewalls, DDoS protection, intrusion detection/prevention systems.
Ensure security architecture aligns with healthcare compliance requirements (HIPAA, SOC 2, ISO 27001, GDPR).
Assess and mitigate security risks related to AI workflows and sensitive data processing pipelines.

Application Security

Define and enforce authentication & authorization strategies for customer-facing applications (OAuth, SAML/SCIM support, least privilege) in collaboration with IT for internal identity and SSO management.
Integrate security into the SDLC: SAST, DAST, dependency scanning, IaC scanning, container scanning, and CI/CD pipeline hardening.
Conduct threat modeling and security reviews for new features and system designs.
Establish and maintain secure coding guidelines.
Monitor vulnerabilities and track remediation.

External Partnerships

Support relationships with pentesting firms, security assessors, and red-teaming partners.
Operate vulnerability disclosure and bug bounty programs.
Support incident response including forensic analysis.

Security Operations (SecOps)

Select, deploy, and manage security tools (SIEM, SOAR, log aggregation) to efficiently detect, investigate, and respond to threats, in collaboration with IT for endpoint protection (EDR/MDM).
Build incident detection and response playbooks and continuously improve response capabilities.
Monitor and triage security alerts, collaborating with engineering and IT on incident resolution.

Data Protection

Ensure encryption at rest and in transit with secure key management (KMS, HSM).
Implement data minimization, tokenization, and pseudonymization strategies where appropriate.
Maintain detailed audit trails and logging for sensitive data access, and implement data loss prevention (DLP) controls where applicable, in line with HIPAA/GDPR requirements.

Cross-functional Collaboration & Culture

Partner with the Head of Information Security (compliance & governance) to align technical controls with SOC 2, ISO 27001, HIPAA, and GDPR requirements.
Work with the Head of IT on endpoint security, vendor security, and access management.
Foster a culture of secure development, running workshops and sharing best practices with engineering teams.

What You Bring to the Table:
6–10+ years in security engineering roles (infrastructure, application, or cloud security).
Hands-on experience with Google Cloud security stack (IAM, VPC, Shielded VMs, Cloud Armor, etc.).
Proven track record deploying and managing modern security tools (EDR, SIEM, IDS/IPS, WAF).
Strong understanding of modern web application security (authN/authZ, OWASP Top 10, CSP, API security).
Experience with secure SDLC practices (CI/CD pipeline scanning, SAST, DAST, IaC security).
Excellent communicator able to work cross-functionally with engineering, compliance, and IT.
Bonus: experience in regulated industries (healthcare, fintech, govtech).

Benefits That Matter

We believe in taking care of our team, just like we're dedicated to supporting doctors. Here's what you can expect:
Stock ownership
100% healthcare coverage
Meal vouchers
Public transportation costs covered at 50%
Exercise classes during the workday (Yoga, running, pilates, HIIT)
Unlimited budget for book purchases
Culture of trust & accountability

Life at Nabla

Join a team of excellence-driven, curious, and genuinely kind individuals. We love having fun as much as we love work, from lively Slack channels to regular off-sites and travel opportunities. Oh, and we’re constantly snacking on chocolate or nuts!

If you're ready to make a real difference in healthcare and build a world-class security program, we encourage you to apply. Let's secure the future together!

Our Values

Joining Nabla means being part of a team that shares a commitment to excellence, humility, growth, and inclusion.

Every day is a new chance to excel: We aim for nothing less than the best.
Stay humble: Our collective success is more important than individual achievements.
Feedback is a gift: We embrace feedback and foster a culture of trust and respect.
Committed to diversity: We foster an inclusive environment where everyone feels empowered.

Diversity & Inclusion

Diversity and inclusivity are fundamental values at Nabla. We are an equal opportunity employer and actively seek out and welcome applicants from diverse backgrounds.

Avoid recruitment scams: Stay safe and informed
There is an active employment scam that is using Nabla's name to collect personal information or carry out financial scams. If you're contacted by a Nabla recruiter, please ensure that whoever is contacting you truly represents Nabla and is using a nabla.com email address. We will never ask for the exchange of any money or credit card details during the recruitment process. Nabla uses a hiring platform for all applications; please be aware of any suspicious email activity from people who could be pretending to be recruiters or senior professionals at Nabla. You can find more information following this link.

Nabla does not accept unsolicited CVs from recruiters or employment agencies in response to the Nabla Careers page or a Nabla social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Nabla.