Senior Application Security Engineer

New York City (Hybrid)


Interacting with benefits is confusing. Transform open enrollment. Personalize decisions. Welcome to the benefit experience your employees deserve.


About Nayya

At Nayya, we believe there’s a better way to choose benefits. A more transparent, less confusing way for employees to control their health and financial potential. Powered by billions of data points and machine learning, our benefits experience platform delivers personalized decision support and guidance during open enrollment, new employee onboarding, qualifying life events, and in the moments that matter all year round. This is one of the most stressful and challenging situations consumers face – and we see that as an opportunity to build an innovative response that can help millions of Americans possess the control and understanding they deserve.

Role Overview: 

We're currently seeking a Senior Application Security Engineer to join our team at Nayya. In this role, you will be instrumental in enhancing the security posture of our organization, with a primary focus on securing our applications and systems.


  • Lead the design and implementation of robust security architecture specifically tailored to our applications and systems
  • Collaborate with cross-functional teams to seamlessly integrate security measures into our application development lifecycle
  • Develop and implement mechanisms for real-time threat detection within our applications
  • Lead incident response efforts to ensure timely and effective resolution of security incidents
  • Conduct regular security audits and assessments to ensure compliance with industry standards and internal security policies
  • Assist in preparing and maintaining documentation for compliance audits and certifications, with a focus on application security
  • Provide training and mentorship to development and operations teams on secure coding practices and application security awareness
  • Foster a culture of security within the organization by promoting best practices and facilitating knowledge sharing related to application security
  • Evaluate, implement, and manage security tools and solutions specifically aimed at enhancing the security of our applications
  • Collaborate with various teams to advocate for application security initiatives and requirements throughout the organization while also effectively communicating security risks, concerns, and solutions to stakeholders at all levels

What You'll Bring:

  • Minimum of 5 years of experience in cybersecurity, with a focus on application security.
  • Proficiency in security and privacy best practices, industry standards, and frameworks (e.g., OWASP, NIST)
  • Experience with implementing and managing security in cloud environments, preferably AWS
  • Expertise in security testing methodologies and tools (e.g., SAST, DAST, SCA, IAST) with a track record of implementation
  • Experience with automation tools and scripting languages (e.g., Python, Shell, PowerShell)
  • Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security are a plus but not required
  • Excellent problem-solving, communication, and leadership skills

The salary range for New York-based candidates for this role is $117,600 - 150,000. We use a location factor to adjust this range for candidates who are located outside the geographic region of our New York office. Placement within the salary band is determined based on experience.





Why Join Nayya? 

  • Be an early employee of a quickly growing, VC-backed start-up - grow with us! 
  • Have a meaningful impact on a platform that is scaling very rapidly
  • Contribute to a values-based culture with an emphasis on empowerment and autonomy
  • Work in a highly collaborative, cross-functional environment
  • Benefits include: Competitive pay, employer-paid healthcare, stock options

Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Tags: Application security Audits Automation AWS Business Intelligence CEH CISM CISSP Cloud Compliance DAST IAST Incident response Machine Learning NIST OWASP PowerShell Privacy Python SAST Scripting Threat detection

Perks/benefits: Career development Competitive pay Equity Health care Startup environment Team events

Region: North America
Country: United States
