Senior Security Engineer

Nexxen•New York, NY

50d•Hybrid

About The Position

Flexible advertising, unified by data. Nexxen empowers advertisers, agencies, publishers and broadcasters around the world to utilize data and advanced TV in the ways that are most meaningful to them. Our flexible and unified technology stack comprises a demand-side platform ("DSP") and supply-side platform ("SSP"), with the Nexxen Data Platform at its core. With a global footprint, you can be part of a team that is transforming advertising through our creative, flexible and unified solutions. Employees hustle, commit and dedicate themselves to pillars that make up the Nexxen Way - the 3Cs - Customer Centric, Curious Mindset, Collaborative with No Ego. Nexxen is seeking a Senior Security Engineer to lead Identity & Data Security across Azure AD/Entra ID, AWS, and global data centers. You will consolidate identity, deploy PAM, automate authentication and access reviews, and drive data discovery/classification and lifecycle controls - leveraging AI analytics to detect identity risk and strengthen data protection. This role will lead identity governance (Azure AD/Entra ID, SSO, access reviews), privileged access management, AWS IAM at scale, and enterprise data security (classification, retention, encryption, DLP). This role will also partner with IT on lifecycle automation, with Infrastructure/Network on segmentation and logging, with DB/Data Engineering on access governance and lineage, and with Compliance on SOC 2/SOX/GDPR and AI usage governance. This role will be based in the New York office. Our team follows a hybrid schedule, working in the office three days a week and remotely for the rest.

Requirements

6-10+ years in Identity and Data Security within enterprise and cloud-native environments.
Hands-on expertise with: Azure AD/Entra ID, Conditional Access, MFA, PIM; SCIM, OIDC, SAML; Okta or AWS IAM Identity Center.
PAM (CyberArk/Delinea); privileged workflows, credential rotation, and session recording.
AWS IAM at scale (Organizations, Control Tower, SCPs, Access Analyzer); GuardDuty, Security Hub, Macie; KMS/HSM; CloudTrail/Config.
Data security: Microsoft Purview (classification/DLP), envelope encryption, S3/KMS policies, tokenization.
Automation: PowerShell, Python, Terraform; Graph API, AWS SDK; Step Functions/Lambda for access workflows.
Databases: PostgreSQL/Aurora/RDS hardening; short-lived credentials; auditable RBAC/ABAC.
Proven delivery of identity consolidation, access review automation, and data lifecycle programs.
Collaborative communicator with strong stakeholder influence.
Analytical, detail-oriented, and automation-first mindset.
Ability to manage competing priorities and drive closure on complex issues.

Responsibilities

Define the roadmap for identity consolidation, PAM rollout, and data security maturity.
Establish identity/data control baselines, operational runbooks, and measurable SLAs.
Deliver Azure AD consolidation, Conditional Access, MFA, PIM, and Azure AD/AWS SSO integration.
Implement PAM (CyberArk or Delinea) with JIT/JEA, session recording, and break-glass procedures.
Operationalize access reviews and automate provisioning/deprovisioning and entitlement workflows.
Harden AWS orgs across ~30 accounts with SCPs, permission boundaries, and account vending patterns.
Standardize data discovery/classification, retention, encryption, key management, and tokenization across platforms.
Integrate Apono for database access governance; enforce auditable, least-privilege access.
Monitor identity and data compliance; apply AI-driven anomaly detection to reduce dwell time.
Partner with Compliance on evidence automation and control mapping for SOC 2/SOX/GDPR.
Support incident response for identity/data events; contribute to post-incident improvements.
Enable Security Champions across engineering; deliver training and self-service, secure access workflows.
Partner cross-functionally with IT, Infrastructure, DB, and Data Engineering to scale operational adoption.