Sr. Security Engineer (Security Program Delivery)

Aya Healthcare

13h

About The Position

Join Aya Healthcare, winner of multiple Top Workplace awards! We are seeking a hands-on Senior Security Engineer to drive the design, delivery, and maturation of security capabilities across infrastructure, web applications, application code, emerging AI technologies, and global diverse infrastructure. Reporting to security leadership, this individual contributor role combines deep technical expertise with strong program delivery and cross-team coordination skills. The primary focus is on bridging the gap in solution design and end-to-end project execution while remaining technically engaged in security implementation and remediation. This role requires experience ensuring compliance with standards such as SOC 2, ISO 27001, and UK GDPR in a globally distributed environment. This is not a people-management position, but the role requires operational program management competencies to orchestrate initiatives, set requirements, manage dependencies, and ensure successful outcomes. Who We Are: We’re a $8+ billion, rapidly growing workforce solutions provider in the healthcare industry. We deliver tech-enabled services that help healthcare organizations meet and manage their contingent labor needs. We build and manage tech-enabled marketplaces for national and local healthcare talent and deliver contingent labor management solutions through our proprietary software platform. At Aya, we’re obsessed with creating exceptional experiences for our clients, clinicians, and employees. In fact, we put employee satisfaction above all else. Our team members are responsible for incomparable customer experience and we know that happy employees are critical to maintaining happy clients. We foster an entrepreneurial, high-energy, low-bureaucracy culture and value innovative thinking and creative problem-solving. We embrace diversity in thought and backgrounds unified by a commitment to high achievement. When you join Aya, you’ll be surrounded by teammates who care about you as an individual and leaders who will help you grow both personally and professionally.

Requirements

8+ years in systems/security engineering, application security, web application security, or software security, with combined experience in software development and security practices.
5+ years hands-on with Microsoft Azure (IaaS/PaaS, Entra ID, networking, AKS, App Services, policy, etc.).
Strong expertise in container security (Docker, Kubernetes/AKS), infrastructure-as-code (Terraform required; ARM, Azure CLI, PowerShell preferred), and web application security tools/techniques.
Broad exposure across infrastructure, web applications, application code, and AI/ML security; subject-matter expertise in at least 1–2 areas (e.g., cloud platform security, secure SDLC, web app protection, or GenAI/agentic AI controls).
Proven track record in technical project delivery: solution design, implementation planning, requirements gathering, dependency management, stakeholder alignment, and operational execution in global environments.
Experience with secure development practices (OWASP, threat modeling, SAMM/BSIMM, Agile SDLC), application code security (SAST/DAST, secure coding reviews), and modern tooling/workflows (GitHub Actions, CI/CD security).
Excellent communication, relationship-building, and influencing skills; able to translate technical risk into business context for diverse global stakeholders.
Self-starter with strong analytical, problem-solving, and prioritization abilities.

Nice To Haves

Relevant certifications (Azure Security Engineer, CISSP, CSSLP, CISM, etc.).
Experience building or supporting Security Champions programs.
Hands-on experience with multi-cloud or hybrid environments supporting global infrastructure.

Responsibilities

Lead the design, planning, and delivery of security projects spanning cloud infrastructure (primarily Azure), web application security, secure coding practices, application code reviews, GenAI/Agentic AI security controls, and security for global, multi-region/diverse infrastructure.
Coordinate closely with engineering, architecture, DevOps, product, and international teams to define requirements, align dependencies, and drive risk reduction through mature security practices.
Perform hands-on implementation, automation, and maintenance of security solutions, including vulnerability management, policy-as-code, automated remediation workflows, secure-by-design frameworks, web application firewalls, code scanning, and runtime protection.
Provide technical coordination on securing web applications (e.g., OWASP Top 10 mitigation, secure headers, input validation), application code (secure coding standards, SAST/DAST/IAST integration), threat modeling (e.g., STRIDE), SDLC security integration, and compliance with SOC 2, ISO 27001, and UK GDPR requirements.
Ensure security controls and processes support global operations, including data sovereignty, cross-border data flows, and regional regulatory variations under UK GDPR.
Socialize security best practices, facilitate knowledge transfer, and build collaborative relationships to embed security throughout the development and deployment lifecycle.
Drive full solution delivery and implementation of tools that enable secure development, web application protection, and operational security at scale.
Balance multiple priorities, overcome obstacles, and maintain structured delivery in a fast-paced, globally distributed environment.

Benefits

Free premium medical, dental, life and vision insurance
Generous 401(k) match
Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses
Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
Celebrations! We hit our goals and reward ourselves.
Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!
Unlimited DTO — we believe in time off!
Virtual yoga, meditation or boot camp classes offered daily

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume