Senior Application Security Engineer
About Nayya
Founded in 2019, Nayya is on a mission to connect people’s most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya’s platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions—meeting people meeting people's real world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value through helping employees live more resilient lives. Backed by strategic investors like ICONIQ, Felicis Ventures, SemperVirens, Workday Ventures, MetLife Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all.
About the Role
We are seeking a Senior Application Security Engineer to integrate security into our software development lifecycle and ensure our applications are built with strong security foundations. You will work closely with development teams to identify and mitigate security risks, implement security best practices, and drive security automation within CI/CD pipelines. The ideal candidate is passionate about secure coding, threat modeling, and application security testing.
We are looking for an expert who thrives in an environment that values impatience, excellence, resilience, and courage.
Responsibilities
- Conduct security assessments, code reviews, and threat modeling to identify and mitigate risks in applications.
- Develop and enforce secure coding guidelines and best practices across engineering teams.
- Automate security testing within CI/CD pipelines using SAST, DAST, and SCA tools.
- Collaborate with developers to remediate vulnerabilities and provide security training.
- Design and implement application-layer security controls, including authentication, authorization, and encryption mechanisms.
- Research emerging threats and vulnerabilities to enhance application security strategies.
- Assist in incident response related to application security breaches.
- Work with product and engineering teams to ensure security is embedded in the SDLC.
Requirements
- 3+ years of experience in application security, software development, or DevSecOps.
- Strong understanding of web application security principles, OWASP Top 10, and secure coding practices.
- Hands-on experience with security testing tools such as Burp Suite, SAST/DAST/SCA solutions, and fuzzing tools.
- Proficiency in at least one programming language (e.g., Python, JavaScript, Java, or Go).
- Familiarity with cloud-native security (AWS, GCP, or Azure).
- Knowledge of container and microservices security best practices.
- Security certifications such as OSWE, GWAPT, or CISSP are a plus.
- Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.
The salary range for New York based candidates for this role is $125,000 - $160,000. We use a location factor to adjust this range for candidates that are located outside of geographic region of our New York office. Placement within the salary band is determined based on experience.
#LI-DD1
#LI-HYBRID
Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Join Patreon as a Senior Security Engineer to strengthen our security infrastructure and protect sensitive creator data.
Join Bosch as an intern and gain valuable experience in Network Operations while working with advanced technologies and a dynamic team.
Join Zip’s Engineering team as a Senior Security Engineer to lead cloud security initiatives in a dynamic, remote-first environment.
Take on a pivotal role as an Enterprise Architect, contributing to major IT projects and international collaborations.
Join Müller's Solutions as a Team Lead for Subsidiaries Applications and lead global ERP initiatives to optimize business operations.
Hexagon US Federal is looking for a Senior Data Storage Administrator (Cloud Architect) to lead the design and management of cloud storage solutions.
Exciting opportunity for a skilled Oracle Cloud ERP Technical Associate with expertise in BIP Reports and financial modules.
Seeking an IT Support Specialist to enhance our tech support team at a leading logistics company in Alaska.
Join SRP as a Principal Network Engineer and shape the future of secure, resilient networks essential for reliable and sustainable energy.
Join Shell Energy Trading as a Senior Software Engineer to lead technical innovation in energy trading systems while fostering high-performance teams.
Universal Logistics is seeking a Technical Analyst to enhance their software solutions within a dynamic logistics environment.
Phoenix Counseling Center is looking for an experienced IT Director to oversee the agency’s technology systems and IT team to enhance operational efficiency.
Join Wyetech as a Senior DevOps Engineer to drive innovation and streamline cloud infrastructure efforts for federal government projects.
At Nayya, they believe there’s a better way to choose benefits. A more transparent, less confusing way for employees to control their health and financial potential.
5 jobsSubscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
