Lead Application Security Engineer

Company Overview 

300+ media companies as clients, $40+ billion in revenue processed, 25,000+ worldwide users 

Operative is a revenue accelerant for media companies around the world. No other software company in the AdTech space brings a comparable depth of experience to create truly innovative software that performs across all platforms, revenue models and business units. We are a SaaS (Software as a Service) platform that helps clients manage advertisements in both the linear (TV) and digital space. We have been in the market for over two decades and have 1100+ employees with 12 offices spread across the globe. Operative is proud to play a pivotal role in the way advertising is bought, sold and managed across the media industry.

 

Role Summary 

We are looking for a Lead Application Security Engineer who will be part of the Security Operations team, responsible for leading and enforcing application security across all our Linear and SaaS products. 
This role is part of the Security team, not Engineering.
The role requires working closely with Engineering, Product, and other relevant teams.
The Lead Application Security Engineer is responsible for embedding security into the SDLC and ensuring risk is identified, remediated, or formally accepted. 
Security review and sign-off are required prior to production release for high-risk features and material architectural changes. 

 

Responsibilities 

Application Security Ownership (Operative Linear & SaaS Products)

- Lead application security across all Linear and SaaS products, services, and APIs.
- Act as the security authority in design and architecture discussions.
- Define and enforce secure development standards across the SDLC.
- Ensure security controls are implemented consistently across all products and services.
- Lead the application pentesting across Operative’s products.

 

Security Governance & Release Control 

- Establish mandatory security review gates within the SDLC and participate in engineering sprints as security champion.
- Conduct security assessments for high-risk features, authentication flows, APIs, integrations, and architectural changes.
- Provide formal security approval (sign-off) prior to production release as required.
- Work collaboratively with the Dev and QA teams to provide solutions for security risks identified during the SDLC.
- Coordinate formal risk acceptance with Security leadership when necessary.

 

Secure SDLC & CI/CD Integration 

- Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, secrets scanning, IaC scanning).
- Define and maintain secure coding standards and engineering guardrails.
- Ensure security tooling produces actionable output and does not become noise.
- Continuously improve automation and coverage across code repositories and services.

 

Vulnerability Management & Remediation Enforcement 

- Lead application vulnerability management for all Linear and SaaS products.
- Open, track, and maintain remediation tickets with Engineering.
- Clearly document risk, severity, and remediation expectations.
- Enforce remediation timelines and escalate overdue critical issues.
- Validate remediation effectiveness before formal closure.

 
AI Security  

- Work closely with the AI department to securely introduce AI-powered features into products.
- Conduct security reviews of AI use cases, model integrations, and data flows.
- Ensure proper data classification, access controls, and data minimization when integrating AI capabilities.
- Assess risks related to prompt injection, data leakage, data poisoning, model abuse, excessive API exposure, and external AI integrations.
- Define guardrails for AI feature deployment, including logging, monitoring, and abuse detection.
- Require security validation before AI-driven features are released to production.


 
API & Cloud Application Security

- Ensure proper authentication, authorization, and object-level access controls.
- Validate encryption, secrets management, and identity implementations.
- Partner with Cloud and Infrastructure teams to ensure secure deployment patterns.


Reporting 

- Provide monthly application security posture reports.
- Maintain a centralized vulnerability dashboard (SAST, DAST, SCA, Container, IaC).
- Create monthly reports on repository integration and CI/CD integration.
- Provide a quarterly Secure SDLC maturity assessment.
- Conduct a monthly AppSec review with product teams.

 

Must-Have Skills 

- Proven experience as an Application Security Engineer securing multiple product lines across diverse technology stacks, including SaaS and non-SaaS platforms.
- Strong understanding of secure software architecture and design.
- Hands-on experience with SAST, DAST, SCA, and CI/CD security integrations.
- Deep knowledge of OWASP and OWASP API Security.
- Experience assessing security risks in AI/ML or external AI integrations.
- Experience leading threat modeling and design security reviews.
- Ability to review modern application code.
- Demonstrated ability to enforce and lead remediation with Engineering teams.
- Strong communication skills and ability to operate with authority.

 

Reporting Structure 

This role reports to Security and operates independently from Engineering while collaborating closely with Architecture, Product, Ops and Development teams. 

 
Working Conditions 

This role requires active participation in release cycles and security reviews, and may support incident response activities when application-related risks arise. It may also require participation in an on-call rotation and the ability to respond to security incidents during non-standard hours.

 

Why join us?

  • Operative is a technology-oriented product organization that believes in empowering its people 
  • We use the latest tech stack and empower our engineers to learn, work and ideate on new technologies available in the market 
  • We provide flexible work schedules and remote working to encourage work-life balance
  • We are an equal opportunities employer and recruit based on experience and skill set
  • We offer a competitive salary and benefits package 

 

Please apply online and upload your CV. 

 

“Operative is a merit-first, equal opportunity employer; diverse applications are encouraged.” 

 

Operative cares about your privacy and protecting your data. By submitting an application for a position with Operative, you acknowledge that you have read the following and consent to how Operative treats your data: 1) the Candidate Privacy Policy available at https://www.operative.com/candidate-privacy-notice/ (or, if you are a candidate from Israel, the Candidate Privacy Notice (Israel), available at https://www.operative.com/candidate-privacy-notice-israel/), and 2) the Candidate Notice for Data Transfer and Retention available at https://www.operative.com/candidate-notice/.

 
