Fullscript is an industry-leading health technology company dedicated to improving patient care. They are seeking a seasoned Staff Security Engineer to lead the design and implementation of security architectures for their applications and AI initiatives, while mentoring teammates and driving cross-functional collaboration.
Responsibilities:
- Lead the design and implementation of robust security architectures for Fullscript’s applications and AI initiatives
- Collaborate closely with engineering teams to embed security into the development lifecycle, including threat modeling, security coding practices, and design reviews
- Drive AI security best practices, ensuring responsible deployment and mitigation of risks such as data poisoning, prompt injection, or model exploitation
- Mentor engineers and other security team members, fostering a culture of security awareness and technical excellence across the organization
- Conduct technical risk assessments, security research, and code reviews to proactively identify and remediate vulnerabilities
- Influence cross-functional teams through technical leadership, helping define security standards and strategies that scale across Fullscript’s products and AI ecosystem
- Stay ahead of emerging threats, attack vectors, and AI-specific security challenges to guide strategic decisions for the organization’s security posture
Requirements:
- Deep technical expertise in application security and secure software development
- Experience with AI/ML security
- Strong understanding of modern software architectures, cloud environments, and APIs
- Proven ability to influence and mentor engineers across teams, fostering security-first thinking and best practices
- Hands-on experience with security tooling and automation, including static/dynamic analysis, monitoring, and observability systems
- Strong problem-solving skills, able to balance security rigor with product velocity
- Excellent communication and collaboration skills, able to translate complex security concepts to technical and non-technical stakeholders
- Experience with protecting/hardening health data
- Experience securing Ruby on Rails, JavaScript, GraphQL applications
- Familiarity with regulatory and compliance frameworks relevant to software and AI security is a plus (e.g. SOC 2, NIST)