Job Description
About Nayya
Founded in 2019, Nayya is on a mission to connect people's most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya's platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions—meeting people's real-world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value by helping employees live more resilient lives. Backed by strategic investors like ICONIQ, Felicis Ventures, SemperVirens, Workday Ventures, MetLife Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all.
About the Role
We are seeking a Senior Application Security Engineer to integrate security into our software development lifecycle and ensure our applications are built with strong security foundations. You will work closely with development teams to identify and mitigate security risks, implement security best practices, and drive security automation within CI/CD pipelines. The ideal candidate is passionate about secure coding, threat modeling, and application security testing.
We are looking for an expert who thrives in an environment that values impatience, excellence, resilience, and courage.
Responsibilities
- Conduct security assessments, code reviews, and threat modeling to identify and mitigate risks in applications.
- Develop and enforce secure coding guidelines and best practices across engineering teams.
- Automate security testing within CI/CD pipelines using SAST, DAST, and SCA tools.
- Collaborate with developers to remediate vulnerabilities and provide security training.
- Design and implement application-layer security controls, including authentication, authorization, and encryption mechanisms.
- Research emerging threats and vulnerabilities to enhance application security strategies.
- Assist in incident response related to application security breaches.
- Work with product and engineering teams to ensure security is embedded in the SDLC.
Requirements
- 3+ years of experience in application security, software development, or DevSecOps.
- Strong understanding of web application security principles, OWASP Top 10, and secure coding practices.
- Hands-on experience with security testing tools such as Burp Suite, SAST/DAST/SCA solutions, and fuzzing tools.
- Proficiency in at least one programming language (e.g., Python, JavaScript, Java, or Go).
- Familiarity with cloud-native security (AWS, GCP, or Azure).
- Knowledge of container and microservices security best practices.
- Security certifications such as OSWE, GWAPT, or CISSP are a plus.
- Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.
The salary range for New York-based candidates for this role is $125,000 - $160,000. We use a location factor to adjust this range for candidates who are located outside the geographic region of our New York office. Placement within the salary band is determined based on experience.
Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.