Lead the design, planning, and delivery of security projects spanning cloud infrastructure (primarily Azure), web application security, secure coding practices, application code reviews, GenAI/Agentic AI security controls, and security for global, multi-region/diverse infrastructure.
Coordinate closely with engineering, architecture, DevOps, product, and international teams to define requirements, align dependencies, and drive risk reduction through mature security practices.
Perform hands-on implementation, automation, and maintenance of security solutions, including vulnerability management, policy-as-code, automated remediation workflows, secure-by-design frameworks, web application firewalls, code scanning, and runtime protection.
Provide technical coordination on securing web applications (e.g., OWASP Top 10 mitigation, secure headers, input validation), application code (secure coding standards, SAST/DAST/IAST integration), threat modeling (e.g., STRIDE), SDLC security integration, and compliance with SOC 2, ISO 27001, and UK GDPR requirements.
Ensure security controls and processes support global operations, including data sovereignty, cross-border data flows, and regional regulatory variations under UK GDPR.
Socialize security best practices, facilitate knowledge transfer, and build collaborative relationships to embed security throughout the development and deployment lifecycle.
Drive full solution delivery and implementation of tools that enable secure development, web application protection, and operational security at scale.
Balance multiple priorities, overcome obstacles, and maintain structured delivery in a fast-paced, globally distributed environment.

Requirements

8+ years in systems/security engineering, application security, web application security, or software security, with combined experience in software development and security practices.
5+ years hands-on with Microsoft Azure (IaaS/PaaS, Entra ID, networking, AKS, App Services, policy, etc.).
Strong expertise in container security (Docker, Kubernetes/AKS), infrastructure-as-code (Terraform required; ARM, Azure CLI, PowerShell preferred), and web application security tools/techniques.
Broad exposure across infrastructure, web applications, application code, and AI/ML security; subject-matter expertise in at least 1–2 areas (e.g., cloud platform security, secure SDLC, web app protection, or GenAI/agentic AI controls).
Proven track record in technical project delivery: solution design, implementation planning, requirements gathering, dependency management, stakeholder alignment, and operational execution in global environments.
Experience with secure development practices (OWASP, threat modeling, SAMM/BSIMM, Agile SDLC), application code security (SAST/DAST, secure coding reviews), and modern tooling/workflows (GitHub Actions, CI/CD security).
Excellent communication, relationship-building, and influencing skills; able to translate technical risk into business context for diverse global stakeholders.
Self-starter with strong analytical, problem-solving, and prioritization abilities.

Benefits

Free premium medical, dental, life and vision insurance
Generous 401(k) match
Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses
Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
Celebrations! We hit our goals and reward ourselves.
Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!
Unlimited DTO — we believe in time off!
Virtual yoga, meditation or boot camp classes offered daily

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringapplication securityweb application securitysecure coding practicesvulnerability managementpolicy-as-codeinfrastructure-as-codecontainer securitythreat modelingsecure SDLC

Soft Skills

communicationrelationship-buildinginfluencinganalyticalproblem-solvingprioritizationcollaborationknowledge transferrisk reductionstructured delivery

Certifications

SOC 2ISO 27001UK GDPR