Abridge
Senior/Staff Application Security Engineer
Base Pay Range $185,000.00/yr – $265,000.00/yr
About Abridge
Abridge was founded in 2018 with the mission of powering deeper understanding in healthcare. Our AI‑powered platform is purpose‑built for medical conversations, improving clinical documentation efficiencies while enabling clinicians to focus on what matters most—their patients. Our enterprise‑grade technology transforms patient‑clinician conversations into structured clinical notes in real‑time, with deep EMR integrations and auditable AI. As pioneers in generative AI for healthcare, we set industry standards for responsible deployment of AI across health systems. We have offices in the Mission District (San Francisco), SoHo (New York), and East Liberty (Pittsburgh).
The Role
We’re looking for a very experienced and highly motivated Senior or Staff Application Security Engineer to join our team as one of the first engineers on the Abridge Security team. In this role, you’ll be a key technical leader who drives initiatives that shape our product, infrastructure, and engineering practices. You’ll influence the vision and execution of our secure software development lifecycle (SDLC) across the entire product portfolio while working cross‑functionally with product and engineering teams to integrate security seamlessly, automate security capabilities, and mentor others to build secure‑by‑default systems at scale in the age of AI.
This position requires deep technical expertise, a builder’s mindset, and excellent communication skills to influence security culture across the organization.
What You’ll Do
Secure Development & Architecture Leadership
Lead Threat Modeling and Design Reviews: Conduct advanced threat modeling and security architecture reviews for complex systems, new products, and platform initiatives, providing expert guidance to meet Abridge’s security goals.
Define Security Strategy: Define and implement the technical roadmap for the Application Security program, focusing on scalable assurance, proactive security measures, and setting clear standards and guardrails.
Mentor and Enable: Act as a subject‑matter expert and trusted advisor to product and engineering teams, providing mentorship on security features, product defense, secure coding practices, application architecture, and vulnerability remediation strategies.
Security Automation and Tooling
Build Security Pipelines & Key Capabilities: Design, implement, and maintain advanced security automation tools and services, integrating them seamlessly into CI/CD pipelines (e.g., automated SAST, DAST, SCA, IaC, WAF).
Tool Management & Tuning: Own the deployment, configuration, and maintenance of AppSec tooling, tuning scanners and custom rules to reduce false positives and maximize efficacy across various technology stacks.
Drive Proactive Security: Develop custom scripts and tooling to automate repetitive security tasks, accelerate vulnerability detection, and enforce policy‑as‑code across the development environment.
Vulnerability Management & Incident Response
Code and Security Reviews: Perform and lead in‑depth secure code reviews (manual and tool‑assisted) to identify complex security vulnerabilities and flaws, including logic and authorization vulnerabilities that automated tools often miss. Get hands‑on evaluating AI models, agents, and architectures.
Vulnerability Program Oversight: Oversee the end‑to‑end vulnerability management program for Abridge’s products and applications, ensuring timely identification, prioritization, and remediation of critical security issues in a developer‑friendly way.
Security Incident Response: Serve as an expert on Abridge’s products and applications for the security incident response team, assisting in investigating and resolving security events and incidents.
What You’ll Bring
Experience: 7+ years of direct experience in an Application Security role, with a demonstrated history of designing and implementing security improvements at scale.
Programming Fluency: Deep proficiency in one or more major programming languages (Python and NextJS a big plus) with a solid background in software development principles.
Cloud & Containers: Extensive experience securing applications deployed in Cloud environments (GCP a big plus) and knowledge of containerization technologies (Kubernetes).
Technical Depth: Expert‑level knowledge of web application security techniques and principles, APIs, IAM (including identity, authentication/authorization, RBAC, ABAC), applied cryptography, etc.
SDLC/DevSecOps: Hands‑on experience integrating security testing and tooling (SAST, DAST, SCA, IaC, WAF) and gates into modern development workflows and CI/CD systems.
Bonus Points If…
AI Security: Deep understanding of the security of AI and ML models, agents, and associated systems.
Security Research: Proven experience contributing to or leveraging open‑source security tools, publishing security research, managing bug bounty programs, and active engagement in the security industry.
Cross‑Functional Influence: Demonstrated ability to drive large, cross‑functional technical projects that impact security posture across the organization.
Data‑Driven Security: Experience defining and utilizing security metrics to measure and report on the effectiveness of the AppSec program to both technical and executive audiences.
Why Work at Abridge?
We’re transforming healthcare delivery experiences with generative AI, enabling clinicians and patients to connect in deeper, more meaningful ways. Our fast‑paced, high‑growth startup culture values extreme ownership, empathy, and continuous learning.
We support professional and personal growth with flexible work hours, inclusive culture, and a wide range of learning and development opportunities.
How We Take Care of Abridgers
Generous Time Off: 13 paid holidays, flexible PTO for salaried employees, and accrued time off for hourly employees.
Comprehensive Health Plans: Medical, dental, and vision plans for all full‑time employees; Abridge covers 100% of the premium for you and 75% for dependents.
Paid Parental Leave: 16 weeks paid parental leave for all full‑time employees.
401(k) and Matching: Contribution matching to help invest in your future.
Pre‑Tax Benefits: Access to Flexible Spending Accounts (FSA) and commuter benefits.
Learning and Development Budget: Yearly contributions for coaching, courses, workshops, conferences, and more.
Sabbatical Leave: 30 days of paid sabbatical leave after 5 years of employment.
Competitive compensation and equity grants for full‑time employees.
Equal Opportunity Employer
Abridge is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability.
Staying Safe – Protect Yourself from Recruitment Fraud
We are aware of individuals and entities fraudulently representing themselves as Abridge recruiters. Abridge will never ask for financial information or payment, or for personal information such as bank account number or social security number during the application or interview process. Any emails from the Abridge recruiting team will come from an @abridge.com email address.