Senior Security Engineer

About Nabla

We are a team of entrepreneurs, clinicians and engineers committed to bringing back joy to the practice of medicine.

Together with a community of clinician innovators, we’ve harnessed the best of machine learning science to develop Nabla: the leading AI assistant that’s restoring the human connection at the heart of healthcare. By streamlining clinical documentation, Nabla is helping clinicians focus on what matters most - patient care. Today, over 100,000+ clinicians across 130+ healthcare organizations trust Nabla to support how they deliver care every day.

We’re at the start of an ambitious journey: Ambient listening, dictation, coding, and command capabilities are all converging into a proactive assistant that intuitively streamlines clinical and financial workflows.

Backed by a recent $70M Series C, we’re hiring to build the next generation of clinical AI and improve the lives of clinicians and patients everywhere.

This is a great time to join us!

The best of AI at the service of healthcare

Nabla’s phenomenal traction is the result of 3 years of diligent product development.

Led by former Meta AI Research engineers, our team has consistently anticipated how AI can revolutionize healthcare delivery. Our Machine Learning team continually leverages the latest advancements to unlock AI’s full potential in healthcare.

Yann LeCun, Meta’s Chief AI Scientist and Turing award winner, is an advisor to Nabla.

Security at Nabla

Our SaaS runs entirely on Google Cloud and handles highly sensitive healthcare data, so security is core to everything we do. You'll work directly with our Lead Security Engineer, to build and run our detection & response capability from the ground up and to strengthen security well beyond it.

This is a hands-on, high-impact role. It has a strong SOC/SIEM core but it is deliberately a security engineer role, not a pure SOC analyst role: you'll regularly cross into application, platform/cloud and corporate security, and you'll own problems end-to-end rather than hand them off.

If you're pragmatic and hands-on, love building systems from scratch, and want your work to protect patients' most sensitive data, this role is for you.

Your Team

We're building a dedicated security engineering team, and we're looking for an exceptional Senior Security Engineer | Detection & Response to be one of its founding members.

What You’ll Do

Detection & Response — your core focus

• Own our SIEM-of-record end-to-end; take it from deployed to operated: finish and harden log-source onboarding (GCP audit logs, Okta, Google Workspace, GitHub, endpoint telemetry) and own normalization, ingest health and the operating rhythm.

• Build detection-as-code: grow the first high-signal rules into a versioned, peer-reviewed rule set (Sigma / YARA-L / scheduled queries) mapped to MITRE ATT&CK and tuned hard against false positives.

• Drive MTTD down to minutes on the attack paths that matter; identity abuse, service-account impersonation, bulk data access, CI/CD compromise.

• Incident response: rehearse playbooks, lead investigations and forensics, and support breach-notification workflows with the compliance team.

• Run the cloud-findings triage loop (Security Command Center / CNAPP)

Platform, Cloud & Application Security

• Harden our Google Cloud estate (IAM least privilege, org policies, VPC Service Controls, GKE security, Cloud Armor) and codify everything in Terraform.

• Secure the CI/CD pipeline and SDLC (SAST, dependency and secrets scanning, supply-chain controls) and contribute to threat modeling of new features, including our AI/LLM surfaces.

Corporate Security (with IT)

• Strengthen the identity plane with IT — Okta policy hardening, phishing-resistant MFA (FIDO2/passkeys), SSO/SCIM coverage, joiner-mover-leaver automation — and route EDR and email-security telemetry into your detections.

Your DNA

• 5–8+ years in security engineering, including at least 2–3 years hands-on experience in detection engineering, SOC or incident response.

• Proven experience writing detection rules as code (Sigma, YARA-L or equivalent) and tuning them in production.

• Python automation (event pipelines, alert enrichment, BigQuery) and Terraform

• Incident response and forensics fundamentals; comfortable moving between an IAM review, a CI hardening PR and an Okta policy change

• Excellent communication in English able to work cross-functionally with engineering, compliance and IT.

• GKE Autopilot & admission controllers, SIEM operations (Google SecOps / Elastic / Panther), or experience in healthcare / another regulated industry is a plus.

Why Join Us

• Opportunity to build and shape the security engineering function from scratch

• Work on meaningful challenges in healthcare, where protecting data is protecting lives

Where you’ll be based

Our offices are based in Paris 3e (Arts & Métiers).

Remote policy: Hybrid

Working Language: English

Benefits

Just like we’re dedicated to supporting doctors’ well-being, ensuring yours is a top priority. We firmly believe that by prioritizing your well-being, we support you to excel in your work.

Here are the benefits you get when joining Nabla:

• Stock ownership

• 100% healthcare coverage

• Meal vouchers

• Public transportation costs covered at 50%

• Exercise class during the workday: Yoga, running, pilates, HIIT

• Unlimited budget for book purchases, so you can continue to learn about IT, security, and leadership

• Culture of trust & accountability — your output matters more than your clock-in time

Life at Nabla

When you become a part of our company, you join a team of excellence-driven, curious, and genuinely kind individuals. Together, we're committed to making clinicians' lives easier and improving healthcare experiences for everyone. We believe in a world where clinicians can focus on what they were trained to do - caring for their patients, and where no patient feels their visit was rushed.

We come to work excited to leverage AI to do more for clinicians. We’re obsessed with our users’ satisfaction and we actively seek out opportunities to engage one-on-one with clinicians to understand how Nabla can better help. We consistently look for ways to improve and do not shy away from doing the work to excel. Whether it’s a feature our users asked for, or a new article for our blog, we prioritize collaboration to deliver exceptional outcomes.

We love having fun as much as we love work. Our #nablabla channel is as active as our #feature-show-off channel, we exercise during the work day at least 3 times a week (yoga, running, pilates, or HIIT, your choice!), enjoy regular off-sites to gather the team, and travel to see each other in places like NY, Paris, San Francisco, and many other vibrant cities. Oh, and we’re constantly snacking on chocolate or nuts!

If this sounds like an environment you’ll thrive in, we look forward to reading your application!

Our Values at Nabla

Joining Nabla means being part of a team that shares a commitment to excellence, humility, growth, and inclusion.

Every day is a new chance to excel

We aim for nothing less than the best and are willing to put in the effort and dedication required to exceed standards. We learn from yesterday’s failures and do better every day.

Stay humble

There’s no place for ego in our team. Our collective success is more important than individual achievements. We see humility as wisdom — keeping focus on the bigger picture.

Feedback is a gift

We embrace feedback and foster a culture of trust and respect that helps everyone grow. We communicate openly about both achievements and challenges, and we actively involve each other in finding solutions.

Committed to diversity

We recognize the ongoing challenge of diversity in tech. Our responsibility starts with fostering an inclusive environment where everyone feels empowered to be their authentic selves and do their best work.

Diversity & Inclusion

Diversity and inclusivity are fundamental values at Nabla. We embrace individuals from various backgrounds, including race, gender, educational history, sexual orientation, and beyond.

As an equal opportunity employer, we actively seek out and welcome applicants from diverse backgrounds, believing that a wide range of perspectives enriches our team and enhances our ability to innovate and thrive.

Avoid recruitment scams: Stay safe and informed

There is an active employment scam which is now using Nabla to collect personal information or financial scams. If you’re contacted by a Nabla recruiter, please ensure whomever is contacting you truly represents Nabla and is utilizing a nabla.com email address. We will never ask for the exchange of any money or credit card details during the recruitment process. Nabla utilizes a hiring platform for all applications; please be aware of any suspicious email activity from people who could be pretending to be recruiters or senior professionals at Nabla. You can find more information following this link.

Nabla does not accept unsolicited CVs from recruiters or employment agencies in response to the Nabla Careers page or a Nabla social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Nabla.