College Board is a mission-driven, not-for-profit organization dedicated to excellence in education. As a Senior Security Engineer, you will ensure that College Board systems follow established best practices, managing security technologies and collaborating with teams to reduce risk and implement secure configurations.
Responsibilities:
- Enable cross-functional delivery and execution (40%)
  - Collaborate closely across delivery teams to align on security controls and enable secure implementation.
  - Participate in and frequently lead working sessions to unblock teams—translating policy into practical implementation steps that fit Agile delivery.
  - Run periodic spot checks and audits to validate that governance, security conditions, and monitoring remain effective over time, including re-review cadences for production use cases.
  - Contribute to team ceremonies, documentation, and continuous improvement to keep the program efficient, measurable, and trusted.
- Lead security governance and guidance (35%)
  - Serve as the primary security review partner for use-case assessments, working collaboratively with Information Security, Technology teams, and governance stakeholders to continuously refine and improve the security review process based on real implementations, incidents, and emerging risks.
  - Lead hands-on security assessments for use cases, including data classification and handling, threat modeling, vendor and model risk considerations, and misuse testing.
  - Define, evolve, and maintain secure-by-default standards, patterns, templates, and reference guidance (e.g., documentation expectations, security checklists, and decision records), shaping how security reviews and guardrails operate in practice as adoption matures while reducing review friction and cycle time.
  - Define and drive enterprise security expectations for usage, including telemetry, logging, and monitoring requirements that enable detection, investigation, and prevention of misuse across sanctioned systems.
- Monitor and reduce shadow IT (25%)
  - Establish a program to identify and reduce shadow IT by working with IT and Security teams on discovery signals (proxy/DNS/app discovery, endpoint telemetry) and remediation paths.
  - Produce actionable reporting for leadership including use-case coverage, review outcomes, risk themes, time-to-approve, exceptions, and remediation status.
  - Partner with Security Operations to implement and tune misuse detections and alerting (e.g., sensitive-data prompts, abnormal usage spikes, repeated jailbreak attempts, suspicious tool calls).
Requirements:
- 7+ years in security engineering, application security, cloud security, or security architecture, with demonstrated ownership of work that scales across multiple teams
- Practical experience assessing and securing systems, including application-layer risks, data exposure concerns, and common misuse scenarios
- Practical experience securing modern software systems (APIs, cloud services, CI/CD) and applying those security fundamentals
- Comfort operating in ambiguous, fast-moving environments where standards, tooling, and processes are still being defined and refined
- Strong ability to influence and drive change across organizations, balancing speed of delivery with clear guardrails and measurable risk reduction
- Experience partnering with non-security stakeholders (e.g., product, legal, risk, procurement, operations) to translate security requirements into practical, adoptable guidance
- Confidence presenting security requirements and tradeoffs to stakeholders, and turning ambiguous problems into repeatable processes and standards
- Effective communicator and technical leader, able to provide actionable feedback, mentor peers and junior engineers, and participate in interviews to evaluate engineering talent
- Ability to travel 3–5 times per year to College Board offices
- Authorization to work in the United States
- A passion for expanding educational and career opportunities and mission-driven work
- Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new solutions and comfort learning and applying new digital tools independently and proactively
- Clear and concise communication skills, written and verbal
- A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input
- A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking
- A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success