Role Overview

We are seeking a highly skilled and experienced Senior Security Engineer to join our team at Nayya. In this role, you will play a critical role in enhancing the security posture of our organization through the integration of security practices into our development and operational processes.

Reporting to the Head of Data Security, the Senior Security Engineer will collaborate closely with security and engineering stakeholders to ensure we are aligning security best practices with business goals and objectives.

Responsibilities

• Security Architecture and Design:
• Lead the design and implementation of security architecture for our products, applications, and systems.
• Collaborate with cross-functional teams to ensure security measures are integrated seamlessly into the development lifecycle.
• DevSecOps Integration:
• Champion the integration of security into the DevOps processes, promoting a "shift-left" mentality regarding security.
• Implement and maintain automated security testing tools and processes to identify vulnerabilities early in the development cycle.
• Threat Detection and Incident Response:
• Develop and implement threat detection mechanisms to identify potential security threats and vulnerabilities in real-time.
• Lead incident response efforts and collaborate with incident response teams to ensure timely and effective resolution of security incidents.
• Security Audits and Compliance:
• Conduct regular security audits and assessments to ensure compliance with industry standards, regulations, and internal security policies.
• Assist in preparing and maintaining documentation for compliance audits and certifications.
• Security Training and Awareness:
• Provide training and mentorship to development and operations teams on secure coding practices and security awareness.
• Foster a culture of security within the organization by promoting best practices and knowledge sharing.
• Security Tooling and Solutions:
• Evaluate, implement, and manage security tools and solutions to enhance the security infrastructure and protect our systems and data.
• Collaboration and Communication:
• Collaborate with various teams to promote security initiatives and requirements throughout the organization.
• Effectively communicate security risks, concerns, and solutions to stakeholders at all levels.

Qualifications

• Bachelor's in Computer Science, Information Security, or a related field.
• 5 years of experience in the field of cybersecurity, with a focus on DevSecOps and security engineering.
• Self-motivated, naturally inquisitive and possesses strong accountability for outcomes.
• Proficiency in security and privacy best practices, industry standards, and frameworks (e.g., OWASP, NIST, CIS, SOC2, HIPAA, HITRUST).
• Experience with implementing and managing security in cloud environments (e.g., AWS).
• Expertise in security testing methodologies and tools (e.g., SAST, DAST, SCA, IAST) with experience in evaluating, sourcing and implementing these tools.
• Experience with automation tools and scripting languages (e.g., Python, Shell, PowerShell).
• Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security – a plus.
• Excellent problem-solving, communication, and leadership skills.

If you are passionate about security, possess strong technical expertise, and are eager to make a significant impact in enhancing our organization's security posture, we encourage you to apply for this exciting opportunity as a Senior Security Engineer at Nayya.

The salary range for New York based candidates for this role is $130,000- $155,000. We use a location factor to adjust this range for candidates that are located outside of geographic region of our New York office. Placement within the salary band is determined based on experience.

#LI-CM1

#LI-HYBRID

#BI-Hybrid