Senior Application Security Engineer

About Nayya

At Nayya, we believe there’s a better way to choose benefits. A more transparent, less confusing way for employees to control their health and financial potential. Powered by billions of data points and machine learning, our benefits experience platform delivers personalized decision support and guidance during open enrollment, new employee onboarding, qualifying life events, and in the moments that matter all year round. This is one of the most stressful and challenging situations consumers face – and we see that as an opportunity to build an innovative response that can help millions of Americans possess the control and understanding they deserve.

Role Overview: 

We're currently seeking a Senior Application Security Engineer to join our team at Nayya. In this role, you will be instrumental in enhancing the security posture of our organization, with a primary focus on securing our applications and systems.

Responsibilities:

• Lead the design and implementation of robust security architecture specifically tailored to our applications and systems
• Collaborate with cross-functional teams to seamlessly integrate security measures into our application development lifecycle
• Develop and implement mechanisms for real-time threat detection within our applications
• Lead incident response efforts to ensure timely and effective resolution of security incidents
• Conduct regular security audits and assessments to ensure compliance with industry standards and internal security policies
• Assist in preparing and maintaining documentation for compliance audits and certifications, with a focus on application security
• Provide training and mentorship to development and operations teams on secure coding practices and application security awareness
• Foster a culture of security within the organization by promoting best practices and facilitating knowledge sharing related to application security
• Evaluate, implement, and manage security tools and solutions specifically aimed at enhancing the security of our applications
• Collaborate with various teams to advocate for application security initiatives and requirements throughout the organization while also effectively communicating security risks, concerns, and solutions to stakeholders at all levels

What You'll Bring:

• Minimum of 5 years of experience in cybersecurity, with a focus on application security.
• Proficiency in security and privacy best practices, industry standards, and frameworks (e.g., OWASP, NIST)
• Experience with implementing and managing security in cloud environments, preferably AWS
• Expertise in security testing methodologies and tools (e.g., SAST, DAST, SCA, IAST) with a track record of implementation
• Experience with automation tools and scripting languages (e.g., Python, Shell, PowerShell)
• Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security are a plus but not required
• Excellent problem-solving, communication, and leadership skills

The salary range for New York based candidates for this role is $117,600 - 150,000. We use a location factor to adjust this range for candidates that are located outside of geographic region of our New York office. Placement within the salary band is determined based on experience.

#LI-DD1

#LI-HYBRID

#BI-Hybrid

Why Join Nayya? 

• Be an early employee of a quickly growing, VC-backed start-up - grow with us! 
• Have a meaningful impact on a platform that is scaling very rapidly
• Contribute to a values-based culture with an emphasis on empowerment and autonomy
• Work in a highly collaborative, cross-functional environment
• Benefits include: Competitive pay, employer-paid healthcare, stock options

Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics