College Board - Technology - Security
Location: This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).
Type: This is a full-time position
About the Team
The Security Engineering team partners across the Technology division to reduce risk and enable secure, scalable systems at College Board. We design and operate the tools, standards, and review processes that help teams build securely by default, covering areas such as application security, data protection, and cloud environments.
Our team operates with a mindset of trust and verification, pairing strong engineering practices with pragmatic governance. We value candid feedback, continuous improvement, and close collaboration with stakeholders to translate security requirements into practical, adoptable solutions that drive measurable risk reduction.
About the Opportunity
As a Senior Security Engineer, you will play a key role in ensuring the College Board systems are following established best practices. This will include a combination of managing security-focused technologies as well as ensuring that non-security-focused applications are configured to reduce risk for the organization.
In this role, you will combine hands-on security engineering with collaborative governance. You will work directly with delivery teams to perform practical risk reviews, assessing architectures, data flows, and misuse risks, while also helping evolve the organization's security review practices so they remain effective and drive risk reduction through standardization. Your work will turn real-world experience into clear standards, guidance, and secure-by-default patterns to help the organization become predictable and repeatable rather than ad hoc. You will have meaningful latitude to shape how applications are configured to ensure that organizational and industry best practices are met.
You will have visible impact by reducing shadow IT risk, preventing sensitive data exposure, and improving time-to-approval through pragmatic, engineering-friendly security guidance. Success in this role requires close collaboration with Information Security partners, teams across the Technology division, and stakeholders in other divisions to translate emerging risk into shared understanding, aligned expectations, and durable security outcomes.
In this role, you will:
Enable cross-functional delivery and execution (40%)
Collaborate closely across delivery teams to align on security controls and enable secure implementation.
Participate in and frequently lead working sessions to unblock teams, translating policy into practical implementation steps that fit Agile delivery.
Run periodic spot checks and audits to validate that governance, security conditions, and monitoring remain effective over time, including re-review cadences for production use cases.
Contribute to team ceremonies, documentation, and continuous improvement to keep the program efficient, measurable, and trusted.
Lead security governance and guidance (35%)
Serve as the primary security review partner for use-case assessments, working collaboratively with Information Security, Technology teams, and governance stakeholders to continuously refine and improve the security review process based on real implementations, incidents, and emerging risks.
Lead hands-on security assessments for use cases, including data classification and handling, threat modeling, vendor and model risk considerations, and misuse testing.
Define, evolve, and maintain secure-by-default standards, patterns, templates, and reference guidance (e.g., documentation expectations, security checklists, and decision records), shaping how security reviews and guardrails operate in practice as adoption matures while reducing review friction and cycle time.
Define and drive enterprise security expectations for usage, including telemetry, logging, and monitoring requirements that enable detection, investigation, and prevention of misuse across sanctioned systems.
Monitor and reduce shadow IT (25%)
Establish a program to identify and reduce shadow IT by working with IT and Security teams on discovery signals (proxy/DNS/app discovery, endpoint telemetry) and remediation paths.
Produce actionable reporting for leadership including use-case coverage, review outcomes, risk themes, time-to-approve, exceptions, and remediation status.
Partner with Security Operations to implement and tune misuse detections and alerting (e.g., sensitive-data prompts, abnormal usage spikes, repeated jailbreak attempts, suspicious tool calls).
About you, you have:
7+ years in security engineering, application security, cloud security, or security architecture, with demonstrated ownership of work that scales across multiple teams.
Practical experience assessing and securing systems, including application-layer risks, data exposure concerns, and common misuse scenarios.
Practical experience securing modern software systems (APIs, cloud services, CI/CD) and applying those security fundamentals.
Comfort operating in ambiguous, fast-moving environments where standards, tooling, and processes are still being defined and refined.
Strong ability to influence and drive change across organizations, balancing speed of delivery with clear guardrails and measurable risk reduction.
Experience partnering with non-security stakeholders (e.g., product, legal, risk, procurement, operations) to translate security requirements into practical, adoptable guidance.
Confidence presenting security requirements and tradeoffs to stakeholders, and turning ambiguous problems into repeatable processes and standards.
Effective communicator and technical leader, able to provide actionable feedback, mentor peer