Edtech.com's Summary

College Board is hiring a Senior Security Engineer. The role involves hands-on security engineering combined with governance to ensure secure system configurations and risk reduction across the organization. The engineer will collaborate with cross-functional teams to lead security reviews, assessments, and establish standards to minimize shadow IT and data exposure risks.

Highlights

Collaborate with delivery teams to implement and validate security controls.
Lead and refine security governance, conduct risk assessments, and shape secure-by-default standards.
Establish programs to monitor and reduce shadow IT using discovery and telemetry.
Produce reports for leadership on security outcomes, risk themes, and remediation status.
Implement and tune misuse detection alerts in partnership with Security Operations.
Require 7+ years of experience in security engineering, application security, cloud security, or security architecture.
Must have practical experience securing modern software systems including APIs, cloud, and CI/CD pipelines.
Ability to influence organizational change and translate requirements into adoptable security guidance.
Strong communication, mentorship skills, and ability to work with non-security stakeholders.
Full-time role with salary range from $153,000 to $166,000, depending on location and experience.

Senior Security Engineer Full Description

College Board - Technology - Security

Location: This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).

Type: This is a full-time position

About the Team

The Security Engineering team partners across the Technology division to reduce risk and enable secure, scalable systems at College Board. We design and operate the tools, standards, and review processes that help teams build securely by default—covering areas such as application security, data protection, and cloud environments.

Our team operates with a mindset of trust and verification, pairing strong engineering practices with pragmatic governance. We value candid feedback, continuous improvement, and close collaboration with stakeholders to translate security requirements into practical, adoptable solutions that drive measurable risk reduction.

About the Opportunity

As a Senior Security Engineer, you will play a key role in ensuring the College Board systems are following established best practices. This will include a combination of managing security focused technologies as well as ensuring that non security focused applications are configured to reduce risk for the organization

In this role, you will combine hands-on security engineering with collaborative governance. You will work directly with delivery teams to perform practical, risk reviews, assessing architectures, data flows, and misuse risks—while also helping evolve the organization's security review practices so they remain effective and drive risk reduction through standardization. Your work will turn real-world experience into clear standards, guidance, and secure-by-default patterns to help the organization become predictable and repeatable rather than ad hoc. You will have meaningful latitude to shape how applications are configured to ensure that organizational and industry best practices are met.

You will have visible impact by reducing shadow IT risk, preventing sensitive data exposure, and improving time-to-approval through pragmatic, engineering-friendly security guidance. Success in this role requires close collaboration with Information Security partners, teams across the Technology division, and stakeholders in other divisions to translate emerging risk into shared understanding, aligned expectations, and durable security outcomes.

In this role, you will:

Enable cross-functional delivery and execution (40%)

Collaborate closely across delivery teams to align on security controls and enable secure implementation.
Participate in and frequently lead working sessions to unblock teams—translating policy into practical implementation steps that fit Agile delivery.
Run periodic spot checks and audits to validate that governance, security conditions, and monitoring remain effective over time, including re-review cadences for production use cases.
Contribute to team ceremonies, documentation, and continuous improvement to keep the program efficient, measurable, and trusted.

Lead security governance and guidance (35%)

Serve as the primary security review partner for use-case assessments working collaboratively with Information Security, Technology teams, and governance stakeholders to continuously refine and improve the security review process based on real implementations, incidents, and emerging risks.
Lead hands-on security assessments for use cases, including data classification and handling, threat modeling, vendor and model risk considerations, and misuse testing.
Define, evolve, and maintain secure-by-default standards, patterns, templates, and reference guidance (e.g., documentation expectations, security checklists, and decision records), shaping how security reviews and guardrails operate in practice as adoption matures while reducing review friction and cycle time.
Define and drive enterprise security expectations for usage, including telemetry, logging, and monitoring requirements that enable detection, investigation, and prevention of misuse across sanctioned systems.

Monitor and reduce shadow IT (25%)

Establish a program to identify and reduce shadow IT by working with IT and Security teams on discovery signals (proxy/DNS/app discovery, endpoint telemetry) and remediation paths.
Produce actionable reporting for leadership including use-case coverage, review outcomes, risk themes, time-to-approve, exceptions, and remediation status.
Partner with Security Operations to implement and tune misuse detections and alerting (e.g., sensitive-data prompts, abnormal usage spikes, repeated jailbreak attempts, suspicious tool calls)

About you, you have:

7+ years in security engineering, application security, cloud security, or security architecture, with demonstrated ownership of work that scales across multiple teams.
Practical experience assessing and securing systems, including application-layer risks, data exposure concerns, and common misuse scenarios.
Practical experience securing modern software systems (APIs, cloud services, CI/CD) and applying those security fundamentals .
Comfort operating in ambiguous, fast-moving environments where standards, tooling, and processes are still being defined and refined.
Strong ability to influence and drive change across organizations, balancing speed of delivery with clear guardrails and measurable risk reduction.
Experience partnering with non-security stakeholders (e.g., product, legal, risk, procurement, operations) to translate security requirements into practical, adoptable guidance.
Confidence presenting security requirements and tradeoffs to stakeholders, and turning ambiguous problems into repeatable processes and standards.
Effective communicator and technical leader, able to provide actionable feedback, mentor peers and junior engineers, and participate in interviews to evaluate engineering talent.
Ability to travel 3-5 times per year to College Board offices.
Authorization to work in the United States.

All roles at College Board require:

A passion for expanding educational and career opportunities and mission-driven work
Authorization to work in the United States for any employer
Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new solutions and a comfort learning and applying new digital tools independently and proactively.
Clear and concise communication skills, written and verbal
A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success.

About Our Process

Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days. Preferred application deadline is Sunday, November 30th. Please keep in mind that College Board offices will be closed November 27th - November 28th and December 25th - January 2nd so it is better to apply sooner than later.
While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer

At College Board, we offer more than just a paycheck—we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We're a self-sustaining nonprofit that believes in fair and competitive compensation, grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach to Compensation

The hiring range for this role is $153,000 - $166,000
Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
We aim to make our best offer upfront—rooted in fairness, transparency, and market data.
We adjust salaries by location to ensure fairness, no matter where you live.

You'll have open, transparent conversations about compensation, benefits, and what it's like to work at College Board throughout your hiring process. Check out our careers page for more.

#LI-DC1

#LI-REMOTE

Original Job Description