Senior Security Engineer

Responsibilities

• Detection & Response - your core focus
• Own our SIEM-of-record end-to-end; take it from deployed to operated : finish and harden log-source onboarding (GCP audit logs, Okta, Google Workspace, GitHub, endpoint telemetry) and own normalization, ingest health and the operating rhythm.
• Build detection-as-code: grow the first high-signal rules into a versioned, peer-reviewed rule set (Sigma / YARA-L / scheduled queries) mapped to MITRE ATT&CK and tuned hard against false positives.
• Drive MTTD down to minutes on the attack paths that matter; identity abuse, service-account impersonation, bulk data access, CI/CD compromise.
• Incident response: rehearse playbooks, lead investigations and forensics, and support breach-notification workflows with the compliance team.
• Run the cloud-findings triage loop (Security Command Center / CNAPP)
• Platform, Cloud & Application Security
• Harden our Google Cloud estate (IAM least privilege, org policies, VPC Service Controls, GKE security, Cloud Armor) and codify everything in Terraform.
• Secure the CI/CD pipeline and SDLC (SAST, dependency and secrets scanning, supply-chain controls) and contribute to threat modeling of new features, including our AI/LLM surfaces.
• Corporate Security (with IT)
• Strengthen the identity plane with IT - Okta policy hardening, phishing-resistant MFA (FIDO2/passkeys), SSO/SCIM coverage, joiner-mover-leaver automation - and route EDR and email-security telemetry into your detections.
• Your DNA
• 5-8+ years in security engineering , including at least 2-3 years hands-on experience in detection engineering, SOC or incident response.
• Proven experience writing detection rules as code (Sigma, YARA-L or equivalent) and tuning them in production.
• Python automation (event pipelines, alert enrichment, BigQuery) and Terraform
• Incident response and forensics fundamentals; comfortable moving between an IAM review, a CI hardening PR and an Okta policy change
• Excellent communication in English able to work cross-functionally with engineering, compliance and IT.
• GKE Autopilot & admission controllers, SIEM operations (Google SecOps / Elastic / Panther), or experience in healthcare / another regulated industry is a plus .
• Why Join Us
• Opportunity to build and shape the security engineering function from scratch
• Work on meaningful challenges in healthcare, where protecting data is protecting lives
• Where you'll be based
• Our offices are based in Paris 3e (Arts & Métiers).
• Remote policy: Hybrid
• Working Language: English

Benefits

Additional Information

About Nabla We are a team of entrepreneurs, clinicians and engineers committed to bringing back joy to the practice of medicine. Together with a community of clinician innovators, we've harnessed the best of machine learning science to develop Nabla: the leading AI assistant that's restoring the human connection at the heart of healthcare. By streamlining clinical documentation, Nabla is helping clinicians focus on what matters most - patient care. Today, over 100,000+ clinicians across 130+ healthcare organizations trust Nabla to support how they deliver care every day. We're at the start of an ambitious journey: Ambient listening, dictation, coding, and command capabilities are all converging into a proactive assistant that intuitively streamlines clinical and financial workflows. Backed by a recent $70M Series C, we're hiring to build the next generation of clinical AI and improve the lives of clinicians and patients everywhere. This is a great time to join us! The best of AI at the service of healthcare Nabla's phenomenal traction is the result of 3 years of diligent product development. Led by former Meta AI Research engineers, our team has consistently anticipated how AI can revolutionize healthcare delivery. Our Machine Learning team continually leverages the latest advancements to unlock AI's full potential in healthcare. Yann LeCun, Meta's Chief AI Scientist and Turing award winner, is an advisor to Nabla. Security at Nabla Our SaaS runs entirely on Google Cloud and handles highly sensitive healthcare data, so security is core to everything we do. You'll work directly with our Lead Security Engineer , to build and run our detection & response capability from the ground up and to strengthen security well beyond it. This is a hands-on, high-impact role. It has a strong SOC/SIEM core but it is deliberately a security engineer role, not a pure SOC analyst role: you'll regularly cross into application, platform/cloud and corporate security, and you'll own problems end-to-end rather than hand them off. If you're pragmatic and hands-on, love building systems from scratch, and want your work to protect patients' most sensitive data , this role is for you. Your Team We're building a dedicated security engineering team, and we're looking for an exceptional Senior Security Engineer | Detection & Response to be one of its founding members.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at nabla? Share your experience