
Senior Application Security Engineer

About Nayya

Founded in 2019, Nayya is on a mission to connect people’s most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya’s platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions, meeting people's real-world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value through helping employees live more resilient lives. Backed by strategic investors like ICONIQ, Felicis Ventures, SemperVirens, Workday Ventures, MetLife Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all.

 

About the Role

We are seeking a Senior Application Security Engineer to integrate security into our software development lifecycle and ensure our applications are built with strong security foundations. You will work closely with development teams to identify and mitigate security risks, implement security best practices, and drive security automation within CI/CD pipelines. The ideal candidate is passionate about secure coding, threat modeling, and application security testing.

We are looking for an expert who thrives in an environment that values impatience, excellence, resilience, and courage.

Responsibilities

  • Conduct security assessments, code reviews, and threat modeling to identify and mitigate risks in applications.
  • Develop and enforce secure coding guidelines and best practices across engineering teams.
  • Automate security testing within CI/CD pipelines using SAST, DAST, and SCA tools.
  • Collaborate with developers to remediate vulnerabilities and provide security training.
  • Design and implement application-layer security controls, including authentication, authorization, and encryption mechanisms.
  • Research emerging threats and vulnerabilities to enhance application security strategies.
  • Assist in incident response related to application security breaches.
  • Work with product and engineering teams to ensure security is embedded in the SDLC.

Requirements

  • 3+ years of experience in application security, software development, or DevSecOps.
  • Strong understanding of web application security principles, OWASP Top 10, and secure coding practices.
  • Hands-on experience with security testing tools such as Burp Suite, SAST/DAST/SCA solutions, and fuzzing tools.
  • Proficiency in at least one programming language (e.g., Python, JavaScript, Java, or Go).
  • Familiarity with cloud-native security (AWS, GCP, or Azure).
  • Knowledge of container and microservices security best practices.
  • Security certifications such as OSWE, GWAPT, or CISSP are a plus.
  • Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.

The salary range for New York based candidates for this role is $125,000 - $160,000. We use a location factor to adjust this range for candidates who are located outside of the geographic region of our New York office. Placement within the salary band is determined based on experience.

Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Average salary estimate

$142,500 / yearly (est.), min $125,000, max $160,000

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Senior Application Security Engineer, Nayya

Join Nayya as a Senior Application Security Engineer and play a crucial role in protecting the applications that help people thrive in their health and wealth! Founded in 2019 and backed by top-tier investors, Nayya is reshaping the benefits experience with AI and advanced analytics. In this role, you will collaborate with development teams to integrate security into the software development lifecycle, ensuring every application is built on a solid foundation. Your day-to-day will involve conducting security assessments, performing code reviews, and developing secure coding guidelines that all engineering teams can follow. You’ll also get to automate security testing processes within CI/CD pipelines, making sure our security measures are as efficient as possible. We’re looking for someone who isn’t just knowledgeable about secure coding and threat modeling, but who is also passionate about creating a secure environment for our users. If you’re proactive and thrive in a culture that values excellence, resilience, and courage, this is the perfect opportunity for you to advance your career while making a significant impact. Don’t miss your chance to join a company that's dedicated to making a real difference in people's lives. With a competitive salary range of $125,000 - $160,000, along with the flexibility of remote work, Nayya welcomes you to be part of our innovative journey!

Frequently Asked Questions (FAQs) for Senior Application Security Engineer Role at Nayya
What are the responsibilities of a Senior Application Security Engineer at Nayya?

As a Senior Application Security Engineer at Nayya, your key responsibilities will include conducting security assessments, performing code reviews, and threat modeling to identify and mitigate risks. You will develop secure coding guidelines, automate security testing in CI/CD pipelines, and collaborate with developers to remediate any vulnerabilities. Additionally, you will assist in incident response and ensure security is embedded throughout the software development lifecycle.

What qualifications do I need to apply for the Senior Application Security Engineer position at Nayya?

To qualify for the Senior Application Security Engineer position at Nayya, you should have at least 3 years of experience in application security or software development. A strong understanding of web application security principles, OWASP Top 10, and secure coding practices is essential. Hands-on experience with security testing tools, proficiency in programming languages such as Python, JavaScript, Java, or Go, and knowledge of cloud-native security are also important for this role.

How does Nayya support professional development for Senior Application Security Engineers?

Nayya values continuous improvement and growth. As a Senior Application Security Engineer, you will have opportunities to engage in security training, stay updated on emerging threats, and collaborate with cross-functional teams. Additionally, we encourage you to pursue relevant security certifications, which could further enhance your expertise and career prospects within the company.

What tools will I use as a Senior Application Security Engineer at Nayya?

In your role as a Senior Application Security Engineer at Nayya, you'll work with various security testing tools such as Burp Suite, SAST/DAST/SCA solutions, and fuzzing tools for assessing application vulnerabilities. You’ll also need to be familiar with CI/CD pipeline tools to automate security testing efficiently, ensuring we maintain high-security standards in our development process.

What is the work environment like for a Senior Application Security Engineer at Nayya?

Nayya fosters a collaborative and dynamic work environment where innovation is encouraged. As a Senior Application Security Engineer, you'll work closely with development teams, conducting security assessments and training while also being part of a culture that prioritizes excellence and proactive problem-solving. We promote a hybrid work model, allowing you to work onsite Tuesday through Thursday and remotely on Mondays and Fridays.

Common Interview Questions for Senior Application Security Engineer
What is your experience with secure coding practices?

When answering this question, describe your familiarity with secure coding guidelines and how you have implemented them in past projects. Provide specific examples where your knowledge of OWASP Top 10 has helped mitigate vulnerabilities, showcasing your technical expertise and commitment to security.

Can you explain a recent security assessment you conducted?

In your response, walk the interviewer through a recent security assessment by detailing the scope, tools used, findings, and the remedial actions taken. Highlight any significant issues discovered and how you collaboratively worked with developers to enhance application security.

What tools do you prefer for application security testing, and why?

Talk about your favorite tools and explain your reasoning for using them. Discuss specific features that have proven valuable in your security assessments, such as ease of integration with CI/CD pipelines or detailed reporting capabilities, to demonstrate your hands-on experience.

How do you stay informed about emerging security threats?

Share your strategies for staying updated on security threats, such as following industry blogs, attending webinars, participating in security forums, or subscribing to threat intelligence feeds. Highlight your commitment to continuous learning and professional growth in the field of application security.

Describe a time when you had to handle a security incident.

Provide a detailed account of a specific security incident you faced. Explain how you approached the situation, the actions you took to mitigate the issue, and the lessons learned that improved your security protocols moving forward.

What is your experience with DevSecOps?

In your answer, discuss your experience integrating security practices into the DevOps process. Highlight how you have collaborated with development teams to embed security in their workflows, the tools you used, and any positive outcomes that resulted from these efforts.

How do you evaluate and prioritize security vulnerabilities?

Explain your approach to evaluating security vulnerabilities based on risk assessment, including factors like potential impact and exploitability. Share how you prioritize remediation efforts and collaborate with cross-functional teams to address high-risk vulnerabilities in a timely manner.

What experience do you have with cloud-native security?

Discuss any hands-on experience you have with securing cloud environments, such as AWS, GCP, or Azure. Talk about specific security measures you have implemented and your understanding of best practices for managing identity, access, and data protection in the cloud.

How do you ensure security is considered throughout the software development lifecycle?

Describe your methodology for embedding security in the SDLC, including how you work with product and development teams to incorporate security assessments from the early stages of development through to deployment. Highlight the importance of fostering a culture of security awareness among all team members.

What are some common security challenges you’ve faced in application development?

Share insights into common challenges such as managing third-party dependencies, ensuring secure coding in agile environments, and balancing speed and security. Provide examples from your experience that showcase your problem-solving abilities and commitment to maintaining security standards.

At Nayya, they believe there’s a better way to choose benefits. A more transparent, less confusing way for employees to control their health and financial potential.

Employment type: Full-time, hybrid
Date posted: April 21, 2025