Senior Security Engineer

Who is Nexxen?   
Flexible advertising, unified by data. Nexxen empowers advertisers, agencies, publishers and broadcasters around the world to utilize data and advanced TV in the ways that are most meaningful to them. Our flexible and unified technology stack comprises a demand-side platform (“DSP”) and supply-side platform (“SSP”), with the Nexxen Data Platform at its core. 

Why join the Nexxen team? 
With a global footprint, you can be part of a team that is transforming advertising through our creative, flexible and unified solutions. Employees hustle, commit and dedicate themselves to pillars that make up the Nexxen Way – the 3Cs - Customer Centric, Curious Mindset, Collaborative with No Ego.

Important Notice from Nexxen: Your Safety Matters 

At Nexxen, we care about the well-being of our current and future employees. We are aware of the growing number of online scams and fraudulent job postings, and we urge all job seekers to remain vigilant. Please be advised that Nexxen will never request payment (whether in cash, cryptocurrency, or any other form) as a condition of employment, offer positions that require you to invest in vague or dubious financial schemes, or promote roles that resemble get-rich-quick opportunities.  If you receive a suspicious message claiming to be from Nexxen or encounter a questionable job posting associated with our name, please contact us at  infosec@nexxen.com to verify its legitimacy. Your trust is important to us. Stay safe and informed.  

Nexxen Fraud Alert and Notice: Protect Yourself from Impersonation and Fraudulent Activity

Nexxen is seeking a Senior Security Engineer to lead Identity & Data Security across Azure AD/Entra ID, AWS, and global data centers. You will consolidate identity, deploy PAM, automate authentication and access reviews, and drive data discovery/classification and lifecycle controls — leveraging AI analytics to detect identity risk and strengthen data protection. 

This role will lead identity governance (Azure AD/Entra ID, SSO, access reviews), privileged access management, AWS IAM at scale, and enterprise data security (classification, retention, encryption, DLP).  This role will also partner with IT on lifecycle automation, with Infrastructure/Network on segmentation and logging, with DB/Data Engineering on access governance and lineage, and with Compliance on SOC 2/SOX/GDPR and AI usage governance. 

This role will be based in the New York office. Our team follows a hybrid schedule, working in the office three days a week and remotely for the rest.    

Each day can be different here at Nexxen, but some of the things you can expect to be doing daily are: 

What You’ll Do

• Strategy and leadership 
• Define the roadmap for identity consolidation, PAM rollout, and data security maturity.
• Establish identity/data control baselines, operational runbooks, and measurable SLAs.
• Product, delivery, and value realization  
• Deliver Azure AD consolidation, Conditional Access, MFA, PIM, and Azure AD/AWS SSO integration.
• Implement PAM (CyberArk or Delinea) with JIT/JEA, session recording, and break-glass procedures.
• Operationalize access reviews and automate provisioning/deprovisioning and entitlement workflows.
• Architecture and integrations  
• Harden AWS orgs across ~30 accounts with SCPs, permission boundaries, and account vending patterns.
• Standardize data discovery/classification, retention, encryption, key management, and tokenization across platforms.
• Integrate Apono for database access governance; enforce auditable, least-privilege access.
• Security, risk, and compliance  
• Monitor identity and data compliance; apply AI-driven anomaly detection to reduce dwell time.
• Partner with Compliance on evidence automation and control mapping for SOC 2/SOX/GDPR.
• Support incident response for identity/data events; contribute to post-incident improvements.
• People leadership  
• Enable Security Champions across engineering; deliver training and self-service, secure access workflows.
• Partner cross-functionally with IT, Infrastructure, DB, and Data Engineering to scale operational adoption. 

What You’ll Bring

• 6–10+ years in Identity and Data Security within enterprise and cloud-native environments.
• Hands-on expertise with:  Azure AD/Entra ID, Conditional Access, MFA, PIM; SCIM, OIDC, SAML; Okta or AWS IAM Identity Center.
• PAM (CyberArk/Delinea); privileged workflows, credential rotation, and session recording.
• AWS IAM at scale (Organizations, Control Tower, SCPs, Access Analyzer); GuardDuty, Security Hub, Macie; KMS/HSM; CloudTrail/Config.
• Data security: Microsoft Purview (classification/DLP), envelope encryption, S3/KMS policies, tokenization.
• Automation: PowerShell, Python, Terraform; Graph API, AWS SDK; Step Functions/Lambda for access workflows.
• Databases: PostgreSQL/Aurora/RDS hardening; short-lived credentials; auditable RBAC/ABAC.
• Proven delivery of identity consolidation, access review automation, and data lifecycle programs.
• Collaborative communicator with strong stakeholder influence.
• Analytical, detail-oriented, and automation-first mindset.
• Ability to manage competing priorities and drive closure on complex issues. 

Success metrics (KPIs) 

• Delivery: Identity consolidation milestones, PAM adoption, and access workflow automation rate.
• Reliability/quality: Identity incident MTTR, access review completion, anomaly detection precision.
• Business impact: Reduced excessive privileges, SoD violation prevention, and least-privilege coverage.
• Compliance: Evidence completeness, audit readiness, and remediation SLAs met.
• Financials: License utilization (PAM/SSO), reduced admin overhead via automation.
• Team: Champion engagement, training completion, and cross-team integration effectiveness. 

In support of pay transparency and equity, the minimum and maximum full-time annual base salary for this role in New York is $150,000 - 170,000 the time of posting. While this is our reasonable expectation this is not a guarantee of compensation or salary, actual compensation is influenced by a wide range of factors including but not limited to skill set, level of experience, education, certifications, responsibility, and geographic location. Candidates hired to work in other locations will be subject to the pay range associated with that location. We offer a variety of benefits, including medical, dental, vision, disability insurance, 401(k), EAP, parental leave, unlimited vacation, and company-paid holidays. The specific programs and options available will vary depending on the state, start date, and employment type. Our Talent Acquisition team will be happy to answer any questions you may have. 

#LI-KN1

#LI-Hybrid

For information about how we handle your personal information please view our Applicant and Candidate Privacy Notice