Senior Application Security Engineer

The Role

TripleLift is seeking a Senior Application Security Engineer to join our team full-time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects, enhancing our detect-and-respond capabilities.

Responsibilities

• Play a critical role in building and maintaining a global security compliance program based on NIST CSF.
• Scale application security by developing automated security testing utilizing enterprise SAST, DAST, and code-review tools
• Champion SDLC to promote secure application development and infrastructure deployment and facilitate secure coding remediation activities.
• Automate security testing in CI/CD pipelines to detect vulnerabilities early.
• Coordinate with stakeholders to develop and implement a vulnerability management program and to perform threat-hunting activities.
• Monitor and respond to application-layer security threats like API abuses, business logic flaws, and common web vulnerabilities.
• Collaborate with product and engineering teams to ensure security is a key consideration in software design and architecture.
• Enhance application security posture by working with cross-function teams to implement proper authentication, authorization, and data protection mechanisms.
• Enhance and facilitate security incident handling activities
• Evangelize security best practices and provide education and awareness to company employees. Develop and implement secure coding guidelines and conduct secure development training for engineers.
• Evaluate and continuously improve the maturity of the security program through the deployment and management of various security tools and processes.

Desired Skills and Attributes

• 5+ years of experience in application security, secure software development, security engineering, or a similar role
• Strong understanding of secure coding practices and ability to guide developers on remediation strategies.
• Experience with GitHub Advanced Security (GHAS), including Code Scanning (SAST), Secret Scanning, and Dependency Review.
• Proficiency in SAST, DAST, and SCA tools (e.g., CodeQL, Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode).
• Hands-on experience integrating security testing tools into CI/CD pipelines for automated security scanning.
• Knowledge of common application security vulnerabilities and mitigations (OWASP Top 10, CWE, business logic flaws, API security).
• Ability to perform threat modeling and assess security risks in applications and services.
• Experience conducting security code reviews across various programming languages (e.g., Python, Java, TypeScript, Go).
• Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of PCI, SOC2, HITRUST, ISO 27001/2, or similar
• Understanding to securely manage cloud-native environments and the ability to deploy tools in these environments.
• Takes ownership of projects, works independently with minimal oversight, and delivers results in a fast-paced environment while balancing multiple priorities.
• Continuously learns, adapts, and values correctness, efficiency, and constructive feedback.
• Holds a Cybersecurity certification, e.g., OSCP, GWAPT, CISSP, CISA, etc.

#LI-CS1