Senior Security Engineer

Who is Nexxen
Flexible advertising unified by data. Nexxen empowers advertisers agencies publishers and broadcasters around the world to utilize data and advanced TV in the ways that are most meaningful to them. Our flexible and unified technology stack comprises a demand-side platform (DSP) and supply-side platform (SSP) with the Nexxen Data Platform at its core.

Why join the Nexxen team
With a global footprint you can be part of a team that is transforming advertising through our creative flexible and unified solutions. Employees hustle commit and dedicate themselves to pillars that make up the Nexxen Way the 3Cs - Customer Centric Curious Mindset Collaborative with No Ego.

Important Notice from Nexxen: Your Safety Matters

At Nexxen we care about the well-being of our current and future employees. We are aware of the growing number of online scams and fraudulent job postings and we urge all job seekers to remain vigilant. Please be advised that Nexxen will never request payment (whether in cash cryptocurrency or any other form) as a condition of employment offer positions that require you to invest in vague or dubious financial schemes or promote roles that resemble get-rich-quick opportunities. If you receive a suspicious message claiming to be from Nexxen or encounter a questionable job posting associated with our name please contact us at infosec@nexxen.com to verify its legitimacy. Your trust is important to us. Stay safe and informed.

Nexxen Fraud Alert and Notice: Protect Yourself from Impersonation and Fraudulent Activity

Nexxen is seeking a Senior Security Engineer to lead Identity & Data Security across Azure AD/Entra ID AWS and global data centers. You will consolidate identity deploy PAM automate authentication and access reviews and drive data discovery/classification and lifecycle controls leveraging AI analytics to detect identity risk and strengthen data protection.

This role will lead identity governance (Azure AD/Entra ID SSO access reviews) privileged access management AWS IAM at scale and enterprise data security (classification retention encryption DLP). This role will also partner with IT on lifecycle automation with Infrastructure/Network on segmentation and logging with DB/Data Engineering on access governance and lineage and with Compliance on SOC 2/SOX/GDPR and AI usage governance.

This role will be based in the New Yorkoffice. Our team follows a hybrid schedule working in the office three days a week and remotely for the rest.

Each day can be different here at Nexxen but some of the things you can expect to be doing daily are:

What Youll Do

• Strategy and leadership
• Define the roadmap for identity consolidation PAM rollout and data security maturity.
• Establish identity/data control baselines operational runbooks and measurable SLAs.
• Product delivery and value realization
• Deliver Azure AD consolidation Conditional Access MFA PIM and Azure AD/AWS SSO integration.
• Implement PAM (CyberArk or Delinea) with JIT/JEA session recording and break-glass procedures.
• Operationalize access reviews and automate provisioning/deprovisioning and entitlement workflows.
• Architecture and integrations
• Harden AWS orgs across 30 accounts with SCPs permission boundaries and account vending patterns.
• Standardize data discovery/classification retention encryption key management and tokenization across platforms.
• Integrate Apono for database access governance; enforce auditable least-privilege access.
• Security risk and compliance
• Monitor identity and data compliance; apply AI-driven anomaly detection to reduce dwell time.
• Partner with Compliance on evidence automation and control mapping for SOC 2/SOX/GDPR.
• Support incident response for identity/data events; contribute to post-incident improvements.
• People leadership
• Enable Security Champions across engineering; deliver training and self-service secure access workflows.
• Partner cross-functionally with IT Infrastructure DB and Data Engineering to scale operational adoption.

What Youll Bring

• 610 years in Identity and Data Security within enterprise and cloud-native environments.
• Hands-on expertise with: Azure AD/Entra ID Conditional Access MFA PIM; SCIM OIDC SAML; Okta or AWS IAM Identity Center.
• PAM (CyberArk/Delinea); privileged workflows credential rotation and session recording.
• AWS IAM at scale (Organizations Control Tower SCPs Access Analyzer); GuardDuty Security Hub Macie; KMS/HSM; CloudTrail/Config.
• Data security: Microsoft Purview (classification/DLP) envelope encryption S3/KMS policies tokenization.
• Automation: PowerShell Python Terraform; Graph API AWS SDK; Step Functions/Lambda for access workflows.
• Databases: PostgreSQL/Aurora/RDS hardening; short-lived credentials; auditable RBAC/ABAC.
• Proven delivery of identity consolidation access review automation and data lifecycle programs.
• Collaborative communicator with strong stakeholder influence.
• Analytical detail-oriented and automation-first mindset.
• Ability to manage competing priorities and drive closure on complex issues.

Success metrics (KPIs)

• Delivery: Identity consolidation milestones PAM adoption and access workflow automation rate.
• Reliability/quality: Identity incident MTTR access review completion anomaly detection precision.
• Business impact: Reduced excessive privileges SoD violation prevention and least-privilege coverage.
• Compliance: Evidence completeness audit readiness and remediation SLAs met.
• Financials: License utilization (PAM/SSO) reduced admin overhead via automation.
• Team: Champion engagement training completion and cross-team integration effectiveness.

In support of pay transparency and equity the minimum and maximum full-time annual base salary for this role in New York is $150000 - 170000 the time of posting. While this is our reasonable expectation this is not a guarantee of compensation or salary actual compensation is influenced by a wide range of factors including but not limited to skill set level of experience education certifications responsibility and geographic location. Candidates hired to work in other locations will be subject to the pay range associated with that location. We offer a variety of benefits including medical dental vision disability insurance 401(k) EAP parental leave unlimited vacation and company-paid holidays. The specific programs and options available will vary depending on the state start date and employment type. Our Talent Acquisition team will be happy to answer any questions you may have.

#LI-KN1

#LI-Hybrid

For information about how we handle your personal information please view our Applicant and Candidate Privacy Notice