Senior Application Security Engineer

About TripleLift

We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.

As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at

The Role

TripleLift is seeking a Senior Application Security Engineer to join our team full-time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You'll help drive improvements in our security operations capability and support critical projects, enhancing our detect-and-respond capabilities.

Responsibilities

• Play a critical role in building and maintaining a global security compliance program based on NIST CSF.
• Scale application security by developing automated security testing utilizing enterprise SAST, DAST, and code-review tools
• Champion SDLC to promote secure application development and infrastructure deployment and facilitate secure coding remediation activities.
• Automate security testing in CI/CD pipelines to detect vulnerabilities early.
• Coordinate with stakeholders to develop and implement a vulnerability management program and to perform threat-hunting activities.
• Monitor and respond to application-layer security threats like API abuses, business logic flaws, and common web vulnerabilities.
• Collaborate with product and engineering teams to ensure security is a key consideration in software design and architecture.
• Enhance application security posture by working with cross-function teams to implement proper authentication, authorization, and data protection mechanisms.
• Enhance and facilitate security incident handling activities
• Evangelize security best practices and provide education and awareness to company employees. Develop and implement secure coding guidelines and conduct secure development training for engineers.
• Evaluate and continuously improve the maturity of the security program through the deployment and management of various security tools and processes.

Desired Skills and Attributes

• 5+ years of experience in application security, secure software development, security engineering, or a similar role
• Strong understanding of secure coding practices and ability to guide developers on remediation strategies.
• Experience with GitHub Advanced Security (GHAS), including Code Scanning (SAST), Secret Scanning, and Dependency Review.
• Proficiency in SAST, DAST, and SCA tools (e.g., CodeQL, Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode).
• Hands-on experience integrating security testing tools into CI/CD pipelines for automated security scanning.
• Knowledge of common application security vulnerabilities and mitigations (OWASP Top 10, CWE, business logic flaws, API security).
• Ability to perform threat modeling and assess security risks in applications and services.
• Experience conducting security code reviews across various programming languages (e.g., Python, Java, TypeScript, Go).
• Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of PCI, SOC2, HITRUST, ISO 27001/2, or similar
• Understanding to securely manage cloud-native environments and the ability to deploy tools in these environments.
• Takes ownership of projects, works independently with minimal oversight, and delivers results in a fast-paced environment while balancing multiple priorities.
• Continuously learns, adapts, and values correctness, efficiency, and constructive feedback.
• Holds a Cybersecurity certification, e.g., OSCP, GWAPT, CISSP, CISA, etc.

#LI-CS1

Life at TripleLift

At TripleLift, we're a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.

Learn more about TripleLift and our culture by visiting our LinkedIn Life page.

Establishing People, Culture and Community Initiatives

At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging.

Privacy Policy

Please see our Privacy Policies on our TripleLift and 1plusX websites.

TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.