ARCHIVED
This job listing has been archived and is no longer accepting applications.
MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Lead Application Security Engineer

Confidential

Not specified permanent

Posted: February 25, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

The Lead Application Security Engineer is responsible for designing and implementing secure software solutions for media companies, working closely with clients to deliver innovative software that meets their revenue and business unit requirements, and ensuring compliance with industry standards.

Required Skills

Application Security SDLC Security Governance Vulnerability Management Penetration Testing Risk Management Security Review Secure Coding Standards Collaboration

Job Description

Company Overview 

300+ media companies as clients, $40+ billion in revenue processed, 25,000+ worldwide users 

Operative is a revenue accelerant for media companies around the world. No other software company in AdTech space, brings a comparable depth of experience to create truly innovative software that performs across all platforms, revenue models and business units. We are a SAAS (Software as a Service) platform which helps clients manage advertisements both in the linear (TV) and digital space. We have been in the market for over two decades and have 1100+ employees with 12 offices spread across the globe. Operative is proud to play a pivotal role in the way advertising is bought, sold and managed across the media industry. 

 
Lead Application Security Engineer  

Role Summary 

We are looking for a Lead Application Security Engineer who will be part of the Security Operations team, responsible for leading and enforcing application security across all our Linear and SaaS products. 
This role is part of Security team , not Engineering. 
The role will require to work closely with Engineering , Product,   and other relevant  teams.  
The Lead Application Security Engineer is responsible for embedding security into the SDLC and ensuring risk is identified, remediated, or formally accepted. 
Security review and sign-off are required prior to production release for high-risk features and material architectural changes. 

 

Responsibilities 

-Application Security Ownership (Operative Linear & SaaS Products) 
-Lead application security across all Linear and SaaS products, services, and APIs. 
-Act as the security authority in design and architecture discussions. 
-Define and enforce secure development standards across the SDLC. 
-Ensure security controls are implemented consistently across all products and services. 
- Lead the application pentesting across Operative’s products. 

 

Security Governance & Release Control 

-Establish mandatory security review gates within the SDLC and participate in engineering sprints as security champion. 
-Conduct security assessments for high-risk features, authentication flows, API’s, integrations, and architectural changes. 
-Provide formal security approval (sign-off) prior to production release as required. 
- Work collaboratively with DEV and QA team to provide solutions for security risk identified during SDLC lifecycle. 
-Coordinate formal risk acceptance with Security leadership when necessary. 

 

Secure SDLC & CI/CD Integration 

-Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, secrets scanning, IaC scanning). 
-Define and maintain secure coding standards and engineering guardrails. 
-Ensure security tooling produces actionable output and does not become noise. 
Continuously improve automation and coverage across code repositories and services. 

 

Vulnerability Management & Remediation Enforcement 

Lead application vulnerability management for all Linear and SaaS products. 
Open, track, and maintain remediation tickets with Engineering . 
Clearly document risk, severity, and remediation expectations. 
Enforce remediation timelines and escalate overdue critical issues. 
Validate remediation effectiveness before formal closure. 

 
AI Security  

-Work closely with the AI department to securely introduce AI-powered features into products. 
-Conduct security reviews of AI use cases, model integrations, and data flows. 
-Ensure proper data classification, access controls, and data minimization when integrating AI capabilities. 
-Assess risks related to prompt injection, data leakage, data poisoning , model abuse, excessive API exposure, and external AI integrations. 
-Define guardrails for AI feature deployment, including logging, monitoring, and abuse detection. 
-Require security validation before AI-driven features are released to production. 

 
API & Cloud Application Security 
Ensure proper authentication, authorization, and object-level access controls. 
Validate encryption, secrets management, and identity implementations. 
Partner with Cloud and Infrastructure teams to ensure secure deployment patterns. 

Reporting 

Provide monthly application security posture reports 
Maintain centralized vulnerability dashboard (SAST, DAST, SCA, Container, IaC) 
Create monthly reports on repos integration and CI/CD integration. 
Provide quarterly Secure SDLC maturity assessment 
Conduct monthly AppSec review with product teams 

 

Must-Have Skills 

Proven experience as an Application Security Engineer securing multiple product lines across diverse technology stacks, including   SaaS and non-SaaS  platforms. 
Strong understanding of secure software architecture and design. 
Hands-on experience with SAST, DAST, SCA, and CI/CD security integrations. 
Deep knowledge of OWASP and OWASP API Security. 
Experience assessing security risks in AI/ML or external AI integrations 
Experience leading threat modeling and design security reviews. 
Ability to review modern application code. 
Demonstrated ability to enforce and lead remediation with Engineering teams. 
Strong communication skills and ability to operate with authority. 

 

Reporting Structure 

This role reports to Security and operates independently from Engineering while collaborating closely with Architecture, Product, Ops and Development teams. 

 
Working Conditions 

This role requires active participation in release cycles, security reviews, and may support incident response activities when application-related risks arise and may require participation in an on-call rotation and the ability to respond to security incidents during non-standard hours. 

 

Why join us ? 

Operative is a technology-oriented product organization that believes in empowering its people 

We use the latest tech stack and empower our engineers to learn, work and ideate on new technologies available in the market 

We provide flexi work schedules and remote working to encourage work life balance 

We are an equal opportunities employer and recruit based on the experience and skill set. 

We offer a competitive salary and benefits package 

 

Please apply online and upload your CV. 

 

“Operative is a merit-first, equal opportunity employer; diverse applications are encouraged.” 

 

Operative cares about your privacy and protecting your data. By submitting an application for a position with Operative, you acknowledge that you have read the following and consent to how Operative treats your data: 1) the Candidate Privacy Policy available at https://www.operative.com/candidate-privacy-notice/ (or if you are a candidate from Israel the Candidate Privacy Notice (Israel), available at https://www.operative.com/candidate-privacy-notice-israel/, and 2) the Candidate Notice for Data Transfer and Retention available at https://www.operative.com/candidate-notice/.

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply