Senior Security Engineer

College Board

26d•$153,000 - $166,000•Remote

About The Position

As a Senior Security Engineer, you will play a key role in ensuring the College Board systems are following established best practices. This will include a combination of managing security focused technologies as well as ensuring that non security focused applications are configured to reduce risk for the organization In this role, you will combine hands-on security engineering with collaborative governance. You will work directly with delivery teams to perform practical, risk reviews, assessing architectures, data flows, and misuse risks—while also helping evolve the organization’s security review practices so they remain effective and drive risk reduction through standardization. Your work will turn real-world experience into clear standards, guidance, and secure-by-default patterns to help the organization become predictable and repeatable rather than ad hoc. You will have meaningful latitude to shape how applications are configured to ensure that organizational and industry best practices are met. You will have visible impact by reducing shadow IT risk, preventing sensitive data exposure, and improving time-to-approval through pragmatic, engineering-friendly security guidance. Success in this role requires close collaboration with Information Security partners, teams across the Technology division, and stakeholders in other divisions to translate emerging risk into shared understanding, aligned expectations, and durable security outcomes.

Requirements

7+ years in security engineering, application security, cloud security, or security architecture, with demonstrated ownership of work that scales across multiple teams.
Practical experience assessing and securing systems, including application-layer risks, data exposure concerns, and common misuse scenarios.
Practical experience securing modern software systems (APIs, cloud services, CI/CD) and applying those security fundamentals .
Comfort operating in ambiguous, fast-moving environments where standards, tooling, and processes are still being defined and refined.
Strong ability to influence and drive change across organizations, balancing speed of delivery with clear guardrails and measurable risk reduction.
Experience partnering with non-security stakeholders (e.g., product, legal, risk, procurement, operations) to translate security requirements into practical, adoptable guidance.
Confidence presenting security requirements and tradeoffs to stakeholders, and turning ambiguous problems into repeatable processes and standards.
Effective communicator and technical leader, able to provide actionable feedback, mentor peers and junior engineers, and participate in interviews to evaluate engineering talent.
Ability to travel 3–5 times per year to College Board offices.
Authorization to work in the United States.
A passion for expanding educational and career opportunities and mission-driven work
Authorization to work in the United States for any employer
Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new solutions and a comfort learning and applying new digital tools independently and proactively.
Clear and concise communication skills, written and verbal
A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success.

Responsibilities

Enable cross-functional delivery and execution (40%)
Collaborate closely across delivery teams to align on security controls and enable secure implementation.
Participate in and frequently lead working sessions to unblock teams—translating policy into practical implementation steps that fit Agile delivery.
Run periodic spot checks and audits to validate that governance, security conditions, and monitoring remain effective over time, including re-review cadences for production use cases.
Contribute to team ceremonies, documentation, and continuous improvement to keep the program efficient, measurable, and trusted.
Lead security governance and guidance (35%)
Serve as the primary security review partner for use-case assessments working collaboratively with Information Security, Technology teams, and governance stakeholders to continuously refine and improve the security review process based on real implementations, incidents, and emerging risks.
Lead hands-on security assessments for use cases, including data classification and handling, threat modeling, vendor and model risk considerations, and misuse testing.
Define, evolve, and maintain secure-by-default standards, patterns, templates, and reference guidance (e.g., documentation expectations, security checklists, and decision records), shaping how security reviews and guardrails operate in practice as adoption matures while reducing review friction and cycle time.
Define and drive enterprise security expectations for usage, including telemetry, logging, and monitoring requirements that enable detection, investigation, and prevention of misuse across sanctioned systems.
Monitor and reduce shadow IT (25%)
Establish a program to identify and reduce shadow IT by working with IT and Security teams on discovery signals (proxy/DNS/app discovery, endpoint telemetry) and remediation paths.
Produce actionable reporting for leadership including use-case coverage, review outcomes, risk themes, time-to-approve, exceptions, and remediation status.
Partner with Security Operations to implement and tune misuse detections and alerting (e.g., sensitive-data prompts, abnormal usage spikes, repeated jailbreak attempts, suspicious tool calls)