NMDP
Senior Information Security Engineer
About NMDP
NMDP (National Marrow Donor Program) is a global nonprofit organization focused on saving lives through blood stem cell and bone marrow transplants. It operates the largest hematopoietic cell registry, with over 22 million potential donors and more than 300,000 cord blood units. This extensive network helps match patients with life-threatening blood cancers and disorders who do not have family donors. Founded in 1986, NMDP has facilitated over 140,000 transplants, with significant milestones including the launch of NMDP BioTherapies for cell therapy services and the introduction of cryopreservation for reliable transplant access. The organization provides comprehensive services, including donor coordination, logistics, and patient support, while also conducting research to improve transplant outcomes. NMDP emphasizes diversity in its donor recruitment efforts and collaborates with hospitals and blood banks worldwide to enhance its impact.
Security at NMDP
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- The team focuses on deep technical reviews and on driving remediation across the development lifecycle, rather than only reporting findings.
- The approach emphasizes coaching engineering teams and giving them guardrails for secure application development: assessing each team's maturity, defining security requirements and guardrails, and delivering prioritized recommendations.
- NMDP uses a risk-prioritized approach to vulnerability management, so findings are ordered by actual risk rather than by raw scanner severity.
Security Team
- The AppSec team operates under the CIO, Jim Graham, with Jay Bolser serving as Application Security Architect.
- The team is estimated at 5-10 members based on LinkedIn searches.
- Key focus areas include SDLC integration, threat modeling, and multi-layered scanning (SAST/DAST/SCA).
- No specific CISO title was identified in public leadership listings.
Key Initiatives
- Security is integrated into the pipeline and design phases with emphasis on 'shift left' practices.
- The vulnerability management process has two phases: intake (identifying vulnerabilities, insecure patterns, and design flaws) and triage/remediation (prioritizing by risk, defining remediation plans, tracking progress, and validating fixes).
- Security gates run through the lifecycle: design reviews, threat modeling, security requirements definition, and pre-release security sign-off criteria that must be met before a release is approved.
- Recent initiatives focus on AI/ML security, including defining security requirements and guardrails for AI/ML features and capabilities.
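To make the intake, risk-prioritized triage, and remediation-tracking phases above concrete, here is an added example of the kind of triage logic such a process implies. It is illustrative code written for this page, not NMDP's own tooling: the scoring weights, tier thresholds, SLA days, and the four sample findings (one each from SAST, SCA, DAST) are all assumptions constructed for the example.

```python
"""Risk-prioritized triage of scanner findings (intake -> score -> tier -> SLA -> validation).

Added example for illustration only; weights, thresholds, SLAs and sample data are assumed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample intake: findings from the SAST/DAST/SCA layers, with the
# context a triager would attach (exposure, exploitability, data sensitivity).
SAMPLE_FINDINGS = [
    {"id": "F-1", "source": "SAST", "severity": "high", "title": "SQL built by string concatenation",
     "internet_facing": True, "known_exploited": False, "fix_available": True, "sensitive_data": True},
    {"id": "F-2", "source": "SCA", "severity": "critical", "title": "vulnerable transitive dependency",
     "internet_facing": False, "known_exploited": True, "fix_available": True, "sensitive_data": True},
    {"id": "F-3", "source": "DAST", "severity": "medium", "title": "missing HSTS header",
     "internet_facing": True, "known_exploited": False, "fix_available": True, "sensitive_data": False},
    {"id": "F-4", "source": "SAST", "severity": "low", "title": "weak random in test helper",
     "internet_facing": False, "known_exploited": False, "fix_available": False, "sensitive_data": False},
]

SEVERITY_BASE = {"critical": 9.0, "high": 7.0, "medium": 4.0, "low": 1.0}

# Remediation SLA in days per risk tier (assumed policy values).
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90, "P4": 180}


@dataclass
class TriagedFinding:
    id: str
    source: str
    title: str
    score: float
    tier: str
    due: date
    validated: bool = False


def risk_score(f: dict) -> float:
    """Scanner severity scaled by context. The multipliers are assumptions; the point is
    that exposure and exploitability, not severity alone, decide the order of work."""
    score = SEVERITY_BASE[f["severity"]]
    if f["internet_facing"]:
        score *= 1.5
    if f["known_exploited"]:
        score *= 1.5
    if f["sensitive_data"]:
        score *= 1.2
    if not f["fix_available"]:
        score *= 0.9  # no patch path yet: still tracked, ranked slightly below fixable items
    return round(score, 2)


def tier_for(score: float) -> str:
    """Map a score to a remediation tier (thresholds are assumed)."""
    if score >= 15:
        return "P1"
    if score >= 8:
        return "P2"
    if score >= 3:
        return "P3"
    return "P4"


def triage(findings: list[dict], today: date) -> list[TriagedFinding]:
    """Intake -> score -> tier -> due date; highest risk first."""
    items = []
    for f in findings:
        s = risk_score(f)
        t = tier_for(s)
        items.append(TriagedFinding(f["id"], f["source"], f["title"], s, t,
                                    today + timedelta(days=SLA_DAYS[t])))
    return sorted(items, key=lambda x: x.score, reverse=True)


def validate_fix(item: TriagedFinding, still_open_after_rescan: set[str]) -> TriagedFinding:
    """A fix is validated only when a rescan no longer reports the finding."""
    item.validated = item.id not in still_open_after_rescan
    return item


def overdue(items: list[TriagedFinding], today: date) -> list[str]:
    """IDs past their SLA and not yet validated: the tracking view for the remediation phase."""
    return [i.id for i in items if not i.validated and today > i.due]


if __name__ == "__main__":
    queue = triage(SAMPLE_FINDINGS, date(2024, 1, 1))
    for item in queue:
        print(f"{item.tier} {item.id} ({item.source}) score={item.score} due={item.due} {item.title}")
    validate_fix(queue[0], still_open_after_rescan={"F-1"})
    print("overdue on 2024-02-15:", overdue(queue, date(2024, 2, 15)))
```

Note that the SCA finding outranks the internet-facing SAST finding because it is known to be exploited, and the DAST finding lands in a lower tier than its own severity alone would suggest once data sensitivity is considered; that reordering is what "risk-prioritized" means in practice.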