Enable cross-functional delivery and execution (40%)
Collaborate closely across delivery teams to align on security controls and enable secure implementation.
Participate in and frequently lead working sessions to unblock teams—translating policy into practical implementation steps that fit Agile delivery.
Run periodic spot checks and audits to validate that governance, security conditions, and monitoring remain effective over time, including re-review cadences for production use cases.
Contribute to team ceremonies, documentation, and continuous improvement to keep the program efficient, measurable, and trusted.
Lead security governance and guidance (35%)
Serve as the primary security review partner for use-case assessments working collaboratively with Information Security, Technology teams, and governance stakeholders to continuously refine and improve the security review process based on real implementations, incidents, and emerging risks.
Lead hands-on security assessments for use cases, including data classification and handling, threat modeling, vendor and model risk considerations, and misuse testing.
Define, evolve, and maintain secure-by-default standards, patterns, templates, and reference guidance (e.g., documentation expectations, security checklists, and decision records), shaping how security reviews and guardrails operate in practice as adoption matures while reducing review friction and cycle time.
Define and drive enterprise security expectations for usage, including telemetry, logging, and monitoring requirements that enable detection, investigation, and prevention of misuse across sanctioned systems.
Monitor and reduce shadow IT (25%)
Establish a program to identify and reduce shadow IT by working with IT and Security teams on discovery signals (proxy/DNS/ app discovery, endpoint telemetry) and remediation paths.
Produce actionable reporting for leadership including use-case coverage, review outcomes, risk themes, time-to-approve, exceptions, and remediation status.
Partner with Security Operations to implement and tune misuse detections and alerting (e.g., sensitive-data prompts, abnormal usage spikes, repeated jailbreak attempts, suspicious tool calls)

Requirements

7+ years in security engineering, application security, cloud security, or security architecture, with demonstrated ownership of work that scales across multiple teams.
Practical experience assessing and securing systems, including application-layer risks, data exposure concerns, and common misuse scenarios.
Practical experience securing modern software systems (APIs, cloud services, CI/CD) and applying those security fundamentals.
Comfort operating in ambiguous, fast-moving environments where standards, tooling, and processes are still being defined and refined.
Strong ability to influence and drive change across organizations, balancing speed of delivery with clear guardrails and measurable risk reduction.
Experience partnering with non-security stakeholders (e.g., product, legal, risk, procurement, operations) to translate security requirements into practical, adoptable guidance.
Confidence presenting security requirements and tradeoffs to stakeholders, and turning ambiguous problems into repeatable processes and standards.
Effective communicator and technical leader, able to provide actionable feedback, mentor peers and junior engineers, and participate in interviews to evaluate engineering talent.
Ability to travel 3–5 times per year to College Board offices.
Authorization to work in the United States.

Benefits

Annual bonuses and opportunities for merit-based raises and promotions
A mission-driven workplace where your impact matters
A team that invests in your development and success

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringapplication securitycloud securitysecurity architecturedata classificationthreat modelingCI/CDAPIssecure-by-default standardsmisuse testing

Soft Skills

influencedrive changeeffective communicationtechnical leadershipmentoringcollaborationproblem-solvingadaptabilitystakeholder engagementfeedback provision