Senior Application Security Engineer
TripleLift
Date: 16 hours ago
City: Pune, Maharashtra
Contract type: Full time

About TripleLift
We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.
As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com.
The Role
TripleLift is seeking a Senior Application Security Engineer to join our team full-time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects, enhancing our detect-and-respond capabilities.
Responsibilities
At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.
Learn more about TripleLift and our culture by visiting our LinkedIn Life page.
Establishing People, Culture and Community Initiatives
At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging.
Privacy Policy
Please see our Privacy Policies on our TripleLift and 1plusX websites.
TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.
We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.
As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com.
The Role
TripleLift is seeking a Senior Application Security Engineer to join our team full-time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects, enhancing our detect-and-respond capabilities.
Responsibilities
- Play a critical role in building and maintaining a global security compliance program based on NIST CSF.
- Scale application security by developing automated security testing utilizing enterprise SAST, DAST, and code-review tools
- Champion SDLC to promote secure application development and infrastructure deployment and facilitate secure coding remediation activities.
- Automate security testing in CI/CD pipelines to detect vulnerabilities early.
- Coordinate with stakeholders to develop and implement a vulnerability management program and to perform threat-hunting activities.
- Monitor and respond to application-layer security threats like API abuses, business logic flaws, and common web vulnerabilities.
- Collaborate with product and engineering teams to ensure security is a key consideration in software design and architecture.
- Enhance application security posture by working with cross-function teams to implement proper authentication, authorization, and data protection mechanisms.
- Enhance and facilitate security incident handling activities
- Evangelize security best practices and provide education and awareness to company employees. Develop and implement secure coding guidelines and conduct secure development training for engineers.
- Evaluate and continuously improve the maturity of the security program through the deployment and management of various security tools and processes.
- 5+ years of experience in application security, secure software development, security engineering, or a similar role
- Strong understanding of secure coding practices and ability to guide developers on remediation strategies.
- Experience with GitHub Advanced Security (GHAS), including Code Scanning (SAST), Secret Scanning, and Dependency Review.
- Proficiency in SAST, DAST, and SCA tools (e.g., CodeQL, Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode).
- Hands-on experience integrating security testing tools into CI/CD pipelines for automated security scanning.
- Knowledge of common application security vulnerabilities and mitigations (OWASP Top 10, CWE, business logic flaws, API security).
- Ability to perform threat modeling and assess security risks in applications and services.
- Experience conducting security code reviews across various programming languages (e.g., Python, Java, TypeScript, Go).
- Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of PCI, SOC2, HITRUST, ISO 27001/2, or similar
- Understanding to securely manage cloud-native environments and the ability to deploy tools in these environments.
- Takes ownership of projects, works independently with minimal oversight, and delivers results in a fast-paced environment while balancing multiple priorities.
- Continuously learns, adapts, and values correctness, efficiency, and constructive feedback.
- Holds a Cybersecurity certification, e.g., OSCP, GWAPT, CISSP, CISA, etc.
At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.
Learn more about TripleLift and our culture by visiting our LinkedIn Life page.
Establishing People, Culture and Community Initiatives
At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging.
Privacy Policy
Please see our Privacy Policies on our TripleLift and 1plusX websites.
TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
Sr. Firmware Engineer
Emerson,
Pune, Maharashtra
17 hours ago
Job DescriptionAa a Senior Engineer, You will: Working with geographically distributed stakeholder organization to capture requirements and develop and define firmware architecture for embedded systems.Create and maintain detailed documentation of firmware architecture, design, and code.Demonstrate a hands-on technical background; excellent C programming and embedded code in compliance with coding standards and best practices, low level device driver development experience.Familiarity with...

Integers.Ai - Senior Software Engineer - React.js/TypeScript
Integers.Ai,
Pune, Maharashtra
20 hours ago
Job Description : Senior Software Engineer (Frontend Developer)Job Title : Senior Software Engineer (Frontend Developer)Location : Pune, Maharashtra (Onsite)Experience : 3 to 5 yearsAbout The RoleWe are looking for a talented and motivated Frontend Developer to join our growing team in Pune. As a key member of our development team, you will be responsible for designing and implementing responsive and...

Financial Analyst
Atlas Copco,
Pune, Maharashtra
3 days ago
Our solutions are a key part of most industries - electronics, medical research, renewable energy, food production, infrastructure and many more. Working with us means working with the latest technologies and groundbreaking, sustainable innovations.Join us on our journey for a better tomorrow.Job Title: Financial AnalystJoin our dynamic and innovative team at Atlas Copco (India) Private Ltd. in Pune, where you...
