Senior/Staff Application Security Engineer
Company: Abridge
Location: San Francisco
Posted on: April 2, 2026
|
|
|
Job Description:
About Abridge Abridge was founded in 2018 with the mission of
powering deeper understanding in healthcare. Our AI-powered
platform was purpose-built for medical conversations, improving
clinical documentation efficiencies while enabling clinicians to
focus on what matters most—their patients. Our enterprise-grade
technology transforms patient-clinician conversations into
structured clinical notes in real-time, with deep EMR integrations.
Powered by Linked Evidence and our purpose-built, auditable AI, we
are the only company that maps AI-generated summaries to ground
truth, helping providers quickly trust and verify the output. As
pioneers in generative AI for healthcare, we are setting the
industry standards for the responsible deployment of AI across
health systems. We are a growing team of practicing MDs, AI
scientists, PhDs, creatives, technologists, and engineers working
together to empower people and make care make more sense. We have
offices located in the Mission District in San Francisco, the SoHo
neighborhood of New York, and East Liberty in Pittsburgh. The Role
Want to work on building out security from the ground up at the
leading edge of AI in healthcare globally? We're looking for a very
experienced and highly motivated Senior or Staff Application
Security Engineer to join our team as one of the first engineers on
the Abridge Security team. In this role, you'll be a key technical
leader, driving key initiatives that shape our product,
infrastructure, and engineering practices. Impact both the vision
and hands-on execution of our secure software development lifecycle
(SDLC) across the entire product portfolio. You'll work
cross-functionally with product and engineering teams to integrate
security seamlessly, automate security capabilities and controls,
and mentor others to build secure-by-default systems at scale in
the age of AI. This position requires deep technical expertise, a
builder's mindset, and excellent communication skills to influence
security culture across the organization. What You’ll Do Secure
Development & Architecture Leadership Lead Threat Modeling and
Design Reviews: Impact the product from ideation through to code
that is shipping to production. Conduct advanced threat modeling
and security architecture reviews for complex systems, new
products, and platform initiatives, providing expert guidance and
requirements to meet Abridge’s security goals. Define Security
Strategy: Define and implement the technical roadmap for the
Application Security program, focusing on scalable assurance,
proactive security measures, and setting clear standards and
guardrails. Mentor and Enable: Act as a subject matter expert and
trusted advisor to product and engineering teams, providing
mentorship on security features, product defense, secure coding
practices, application architecture, and vulnerability remediation
strategies. Conduct Training & Awareness : Develop training
materials for engineers to build a foundation of security best
practices across the engineering organization. Vulnerability
Management & Incident Response Code and Security Reviews: Perform
and lead in-depth secure code reviews (both manual and
tool-assisted) to identify complex security vulnerabilities and
flaws, including logic and authorization vulnerabilities that
automated tools often miss. Get hands on with assessing AI models,
agents, and architectures. Internal Penetration Testing : Lead
internal penetration testing engagements for net new products and
historical systems identify security risks across our environment.
Vulnerability Program Oversight: Design and enhance the end-to-end
vulnerability management program for Abridge’s products and
applications, ensuring timely identification, prioritization, and
remediation of critical security issues while doing so in as
developer-friendly a way as possible. Security Incident Response:
Serve as an expert on Abridge’s products and applications for the
security incident response team, assisting in investigating and
resolving security events and incidents. What You’ll Bring
Experience: 7 years of direct experience in an Application Security
role, with a demonstrated history of designing and implementing
security improvements at scale. Programming Fluency: Deep
proficiency in one or more major programming languages (Python and
NextJS a big plus) and a solid background in software development
principles. Cloud & Containers: Extensive experience securing
applications deployed in Cloud environments (GCP a big plus) and
knowledge of containerization technologies (Kubernetes). Technical
Depth: Expert-level knowledge of web application security
techniques and principles, APIs, IAM (including identity,
authentication/authorization, RBAC, ABAC), applied cryptography,
etc. AI Security: Deep understanding of the security of AI and ML
models, agents, and associated systems. Bonus Points If… Security
Research: Proven experience contributing to or leveraging
open-source security tools, publishing security research, managing
bug bounty programs, and active engagement in the security
industry. Cross-Functional Influence: Demonstrated ability to drive
large, cross-functional technical projects that impact security
posture across the entire organization. Data-Driven Security:
Experience defining and utilizing security metrics to measure and
report on the effectiveness of the AppSec program to both technical
and executive audiences. Why Work at Abridge? At Abridge, we’re
transforming healthcare delivery experiences with generative AI,
enabling clinicians and patients to connect in deeper, more
meaningful ways. Our mission is clear: to power deeper
understanding in healthcare. We’re driving real, lasting change,
with millions of medical conversations processed each month.
Joining Abridge means stepping into a fast-paced, high-growth
startup where your contributions truly make a difference. Our
culture requires extreme ownership—every employee has the ability
to (and is expected to) make an impact on our customers and our
business. Beyond individual impact, you will have the opportunity
to work alongside a team of curious, high-achieving people in a
supportive environment where success is shared, growth is constant,
and feedback fuels progress. At Abridge, it’s not just what we
do—it’s how we do it. Every decision is rooted in empathy, always
prioritizing the needs of clinicians and patients. We’re committed
to supporting your growth, both professionally and personally.
Whether it's flexible work hours, an inclusive culture, or ongoing
learning opportunities, we are here to help you thrive and do the
best work of your life. If you are ready to make a meaningful
impact alongside passionate people who care deeply about what they
do, Abridge is the place for you. How we take care of Abridgers:
Generous Time Off : 14 paid holidays, flexible PTO for salaried
employees, and accrued time off for hourly employees Comprehensive
Health Plans : Medical, Dental, and Vision coverage for all
full-time employees and their families. Generous HSA Contribution :
If you choose a High Deductible Health Plan, Abridge makes monthly
contributions to your HSA. Paid Parental Leave : Generous paid
parental leave for all full-time employees. Family Forming
Benefits: Resources and financial support to help you build your
family. 401(k) Matching : Contribution matching to help invest in
your future. Personal Device Allowance : Tax free funds for
personal device usage. Pre-tax Benefits: Access to Flexible
Spending Accounts (FSA) and Commuter Benefits. Lifestyle Wallet :
Monthly contributions for fitness, professional development,
coworking, and more. Mental Health Support : Dedicated access to
therapy and coaching to help you reach your goals. Sabbatical Leave
: Paid Sabbatical Leave after 5 years of employment. Compensation
and Equity : Competitive compensation and equity grants for full
time employees. and much more! Equal Opportunity Employer Abridge
is an equal opportunity employer and considers all qualified
applicants equally without regard to race, color, religion, sex,
sexual orientation, gender identity, national origin, veteran
status, or disability. Staying safe - Protect yourself from
recruitment fraud We are aware of individuals and entities
fraudulently representing themselves as Abridge recruiters and/or
hiring managers. Abridge will never ask for financial information
or payment, or for personal information such as bank account number
or social security number during the job application or interview
process. Any emails from the Abridge recruiting team will come from
an @ abridge.com email address. You can learn more about how to
protect yourself from these types of fraud by referring to this
article . Please exercise caution and cease communications if
something feels suspicious about your interactions.
Keywords: Abridge, Carmichael , Senior/Staff Application Security Engineer, IT / Software / Systems , San Francisco, California
