Senior Application Security Engineer

About TripleLift :

We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting.

Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses.

Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads.

Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.

As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion.

The Role :

TripleLift is seeking a Senior Application Security Engineer to join our team full-time.

We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry.

You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap.

Youll help drive improvements in our security operations capability and support critical projects, enhancing our detect-and-respond capabilities.

Responsibilities :

- Play a critical role in building and maintaining a global security compliance program based on NIST CSF.

- Scale application security by developing automated security testing utilizing enterprise SAST, DAST, and code-review tools.

- Champion SDLC to promote secure application development and infrastructure deployment and facilitate secure coding remediation activities.

- Automate security testing in CI/CD pipelines to detect vulnerabilities early.

- Coordinate with stakeholders to develop and implement a vulnerability management program and to perform threat-hunting activities.

- Monitor and respond to application-layer security threats like API abuses, business logic flaws, and common web vulnerabilities.

- Collaborate with product and engineering teams to ensure security is a key consideration in software design and architecture.

- Enhance application security posture by working with cross-function teams to implement proper authentication, authorization, and data protection mechanisms.

- Enhance and facilitate security incident handling activities.

- Evangelize security best practices and provide education and awareness to company employees.

- Develop and implement secure coding guidelines and conduct secure development training for engineers.

- Evaluate and continuously improve the maturity of the security program through the deployment and management of various security tools and processes.

Desired Skills And Attributes :

- 5+ years of experience in application security, secure software development, security engineering, or a similar role.

- Strong understanding of secure coding practices and ability to guide developers on remediation strategies.

- Experience with GitHub Advanced Security (GHAS), including Code Scanning (SAST), Secret Scanning, and Dependency Review.

- Proficiency in SAST, DAST, and SCA tools (e.g. , CodeQL, Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode).

- Hands-on experience integrating security testing tools into CI/CD pipelines for automated security scanning.

- Knowledge of common application security vulnerabilities and mitigations (OWASP Top 10, CWE, business logic flaws, API security).

- Ability to perform threat modeling and assess security risks in applications and services.

- Experience conducting security code reviews across various programming languages (e.g. , Python, Java, TypeScript, Go).

- Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of PCI, SOC2, HITRUST, ISO 27001/2, or similar.

- Understanding to securely manage cloud-native environments and the ability to deploy tools in these environments.

- Takes ownership of projects, works independently with minimal oversight, and delivers results in a fast-paced environment while balancing multiple priorities.

- Continuously learns, adapts, and values correctness, efficiency, and constructive feedback.

- Holds a Cybersecurity certification, e.g. , OSCP, GWAPT, CISSP, CISA, etc.