Senior Security Engineer
At Nayya, we believe there’s a better way to choose benefits. A more transparent, less confusing way for employees to control their health and financial potential. Powered by billions of data points and machine learning, our benefits experience platform delivers personalized decision support and guidance during open enrollment, new employee onboarding, qualifying life events, and in the moments that matter all year round. This is one of the most stressful and challenging situations consumers face – and we see that as an opportunity to build an innovative response that can help millions of Americans possess the control and understanding they deserve.
We are seeking a highly skilled and experienced Senior Security Engineer to join our team at Nayya. In this role, you will play a critical role in enhancing the security posture of our organization through the integration of security practices into our development and operational processes.
Reporting to the Head of Data Security, the Senior Security Engineer will collaborate closely with security and engineering stakeholders to ensure we are aligning security best practices with business goals and objectives.
- Security Architecture and Design:
- Lead the design and implementation of security architecture for our products, applications, and systems.
- Collaborate with cross-functional teams to ensure security measures are integrated seamlessly into the development lifecycle.
- DevSecOps Integration:
- Champion the integration of security into the DevOps processes, promoting a "shift-left" mentality regarding security.
- Implement and maintain automated security testing tools and processes to identify vulnerabilities early in the development cycle.
- Threat Detection and Incident Response:
- Develop and implement threat detection mechanisms to identify potential security threats and vulnerabilities in real-time.
- Lead incident response efforts and collaborate with incident response teams to ensure timely and effective resolution of security incidents.
- Security Audits and Compliance:
- Conduct regular security audits and assessments to ensure compliance with industry standards, regulations, and internal security policies.
- Assist in preparing and maintaining documentation for compliance audits and certifications.
- Security Training and Awareness:
- Provide training and mentorship to development and operations teams on secure coding practices and security awareness.
- Foster a culture of security within the organization by promoting best practices and knowledge sharing.
- Security Tooling and Solutions:
- Evaluate, implement, and manage security tools and solutions to enhance the security infrastructure and protect our systems and data.
- Collaboration and Communication:
- Collaborate with various teams to promote security initiatives and requirements throughout the organization.
- Effectively communicate security risks, concerns, and solutions to stakeholders at all levels.
- Bachelor's in Computer Science, Information Security, or a related field.
- 5 years of experience in the field of cybersecurity, with a focus on DevSecOps and security engineering.
- Self-motivated, naturally inquisitive and possesses strong accountability for outcomes.
- Proficiency in security and privacy best practices, industry standards, and frameworks (e.g., OWASP, NIST, CIS, SOC2, HIPAA, HITRUST).
- Experience with implementing and managing security in cloud environments (e.g., AWS).
- Expertise in security testing methodologies and tools (e.g., SAST, DAST, SCA, IAST) with experience in evaluating, sourcing and implementing these tools.
- Experience with automation tools and scripting languages (e.g., Python, Shell, PowerShell).
- Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security – a plus.
- Excellent problem-solving, communication, and leadership skills.
If you are passionate about security, possess strong technical expertise, and are eager to make a significant impact in enhancing our organization's security posture, we encourage you to apply for this exciting opportunity as a Senior Security Engineer at Nayya.
The salary range for New York based candidates for this role is $130,000- $155,000. We use a location factor to adjust this range for candidates that are located outside of geographic region of our New York office. Placement within the salary band is determined based on experience.
Why Join Nayya?
- Be an early employee of a quickly growing, VC-backed start-up - grow with us!
- Have a meaningful impact on a platform that is scaling very rapidly
- Contribute to a values-based culture with an emphasis on empowerment and autonomy
- Work in a highly collaborative, cross-functional environment
- Benefits include: Competitive pay, employer-paid healthcare, stock options
Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics