Nexxen
Senior Security Engineer – New York, NY
About Nexxen
Flexible advertising, unified by data. Nexxen empowers advertisers, agencies, publishers and broadcasters around the world to utilize data and advanced TV in the ways that are most meaningful to them. Our flexible and unified technology stack comprises a demand‑side platform (“DSP”) and supply‑side platform (“SSP”), with the Nexxen Data Platform at its core.
Why join the Nexxen team?
With a global footprint, you can be part of a team that is transforming advertising through our creative, flexible and unified solutions. Employees hustle, commit and dedicate themselves to pillars that make up the Nexxen Way – the 3Cs: Customer Centric, Curious Mindset, Collaborative with No Ego.
Important Notice: Your Safety Matters
At Nexxen, we care about the well‑being of our employees. We will never request payment as a condition of employment, offer positions that require investment in vague schemes, or promote get‑rich‑quick opportunities. If you receive a suspicious message claiming to be from Nexxen, please contact infosec@nexxen.com to verify its legitimacy.
Senior Security Engineer to lead Identity & Data Security across Azure AD/Entra ID, AWS, and global data centers. You will consolidate identity, deploy PAM, automate authentication and access reviews, and drive data discovery/classification and lifecycle controls leveraging AI analytics to detect identity risk and strengthen data protection.
Location
Based in the New York office. Hybrid schedule – office three days a week and remote for the rest.
Responsibilities
Strategy and leadership: define roadmap for identity consolidation, PAM rollout, and data security maturity.
Establish identity/data control baselines, operational runbooks, and measurable SLAs.
Product, delivery, and value realization: deliver Azure AD consolidation, Conditional Access, MFA, PIM, and Azure AD/AWS SSO integration.
Implement PAM (CyberArk or Delinea) with JIT/JEA, session recording, and break‑glass procedures.
Operationalize access reviews and automate provisioning/deprovisioning and entitlement workflows.
Architecture and integrations: harden AWS orgs across ~30 accounts with SCPs, permission boundaries, and account vending patterns.
Standardize data discovery/classification, retention, encryption, key management, and tokenization across platforms.
Integrate Apono for database access governance; enforce auditable, least‑privilege access.
Security, risk, and compliance: monitor identity and data compliance; apply AI‑driven anomaly detection to reduce dwell time.
Partner with Compliance on evidence automation and control mapping for SOC 2/SOX/GDPR.
Support incident response for identity/data events; contribute to post‑incident improvements.
People leadership: enable Security Champions across engineering; deliver training and self‑service, secure access workflows.
Partner cross‑functionally with IT, Infrastructure, DB, and Data Engineering to scale operational adoption.
Qualifications
6+ years in Identity and Data Security within enterprise and cloud‑native environments.
Hands‑on expertise: Azure AD/Entra ID, Conditional Access, MFA, PIM; SCIM, OIDC, SAML; Okta or AWS IAM Identity Center.
PAM (CyberArk/Delinea); privileged workflows, credential rotation, session recording.
AWS IAM at scale: Organizations, Control Tower, SCPs, Access Analyzer; GuardDuty, Security Hub, Macie; KMS/HSM; CloudTrail/Config.
Data security: Microsoft Purview (classification/DLP), envelope encryption, S3/KMS policies, tokenization.
Automation: PowerShell, Python, Terraform; Graph API, AWS SDK; Step Functions/Lambda for access workflows.
Databases: PostgreSQL/Aurora/RDS hardening; short‑lived credentials; auditable RBAC/ABAC.
Proven delivery of identity consolidation, access review automation, and data lifecycle programs.
Collaborative communicator with strong stakeholder influence.
Analytical, detail‑oriented, and automation‑first mindset.
Ability to manage competing priorities and drive closure on complex issues.
Success Metrics
Identity consolidation milestones, PAM adoption, and access workflow automation rate.
Identity incident MTTR, access review completion, anomaly detection precision.
Reduced excessive privileges, SoD violation prevention, least‑privilege coverage.
Evidence completeness, audit readiness, and remediation SLAs met.
License utilization (PAM/SSO), reduced admin overhead via automation.
Champion engagement, training completion, cross‑team integration effectiveness.
Salary & Benefits Pay transparency and equity: minimum and maximum full‑time annual base salary for this role in New York is $150,000 – $170,000. Additional benefits include medical, dental, vision, disability insurance, 401(k), EAP, parental leave, unlimited vacation, and company‑paid holidays. Specific programs may vary by state, start date, and employment type.
#J-18808-Ljbffr
Flexible advertising, unified by data. Nexxen empowers advertisers, agencies, publishers and broadcasters around the world to utilize data and advanced TV in the ways that are most meaningful to them. Our flexible and unified technology stack comprises a demand‑side platform (“DSP”) and supply‑side platform (“SSP”), with the Nexxen Data Platform at its core.
Why join the Nexxen team?
With a global footprint, you can be part of a team that is transforming advertising through our creative, flexible and unified solutions. Employees hustle, commit and dedicate themselves to pillars that make up the Nexxen Way – the 3Cs: Customer Centric, Curious Mindset, Collaborative with No Ego.
Important Notice: Your Safety Matters
At Nexxen, we care about the well‑being of our employees. We will never request payment as a condition of employment, offer positions that require investment in vague schemes, or promote get‑rich‑quick opportunities. If you receive a suspicious message claiming to be from Nexxen, please contact infosec@nexxen.com to verify its legitimacy.
Senior Security Engineer to lead Identity & Data Security across Azure AD/Entra ID, AWS, and global data centers. You will consolidate identity, deploy PAM, automate authentication and access reviews, and drive data discovery/classification and lifecycle controls leveraging AI analytics to detect identity risk and strengthen data protection.
Location
Based in the New York office. Hybrid schedule – office three days a week and remote for the rest.
Responsibilities
Strategy and leadership: define roadmap for identity consolidation, PAM rollout, and data security maturity.
Establish identity/data control baselines, operational runbooks, and measurable SLAs.
Product, delivery, and value realization: deliver Azure AD consolidation, Conditional Access, MFA, PIM, and Azure AD/AWS SSO integration.
Implement PAM (CyberArk or Delinea) with JIT/JEA, session recording, and break‑glass procedures.
Operationalize access reviews and automate provisioning/deprovisioning and entitlement workflows.
Architecture and integrations: harden AWS orgs across ~30 accounts with SCPs, permission boundaries, and account vending patterns.
Standardize data discovery/classification, retention, encryption, key management, and tokenization across platforms.
Integrate Apono for database access governance; enforce auditable, least‑privilege access.
Security, risk, and compliance: monitor identity and data compliance; apply AI‑driven anomaly detection to reduce dwell time.
Partner with Compliance on evidence automation and control mapping for SOC 2/SOX/GDPR.
Support incident response for identity/data events; contribute to post‑incident improvements.
People leadership: enable Security Champions across engineering; deliver training and self‑service, secure access workflows.
Partner cross‑functionally with IT, Infrastructure, DB, and Data Engineering to scale operational adoption.
Qualifications
6+ years in Identity and Data Security within enterprise and cloud‑native environments.
Hands‑on expertise: Azure AD/Entra ID, Conditional Access, MFA, PIM; SCIM, OIDC, SAML; Okta or AWS IAM Identity Center.
PAM (CyberArk/Delinea); privileged workflows, credential rotation, session recording.
AWS IAM at scale: Organizations, Control Tower, SCPs, Access Analyzer; GuardDuty, Security Hub, Macie; KMS/HSM; CloudTrail/Config.
Data security: Microsoft Purview (classification/DLP), envelope encryption, S3/KMS policies, tokenization.
Automation: PowerShell, Python, Terraform; Graph API, AWS SDK; Step Functions/Lambda for access workflows.
Databases: PostgreSQL/Aurora/RDS hardening; short‑lived credentials; auditable RBAC/ABAC.
Proven delivery of identity consolidation, access review automation, and data lifecycle programs.
Collaborative communicator with strong stakeholder influence.
Analytical, detail‑oriented, and automation‑first mindset.
Ability to manage competing priorities and drive closure on complex issues.
Success Metrics
Identity consolidation milestones, PAM adoption, and access workflow automation rate.
Identity incident MTTR, access review completion, anomaly detection precision.
Reduced excessive privileges, SoD violation prevention, least‑privilege coverage.
Evidence completeness, audit readiness, and remediation SLAs met.
License utilization (PAM/SSO), reduced admin overhead via automation.
Champion engagement, training completion, cross‑team integration effectiveness.
Salary & Benefits Pay transparency and equity: minimum and maximum full‑time annual base salary for this role in New York is $150,000 – $170,000. Additional benefits include medical, dental, vision, disability insurance, 401(k), EAP, parental leave, unlimited vacation, and company‑paid holidays. Specific programs may vary by state, start date, and employment type.
#J-18808-Ljbffr