Security Engineer (GRC)
We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.
As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com.
TripleLift is seeking a Security Engineer to join our team full time. We are a fast-growing startup in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities.
- Play a critical role in building and maintaining a global security compliance program based on NIST CSF
- Develop and maintain security policy documentation, ensuring adherence with any updates to legal and contractual obligations
- Perform internal security risk assessments, as well as external vendor assessments, and facilitate remediation activities
- Fulfill partner requests for security due diligence questionnaires and audits
- Develop and implement process improvements around threat modeling and vulnerability assessments of applications and infrastructure
- Champion SDLC to promote secure application development and infrastructure deployment, and facilitate secure-coding remediation activities
- Scale application security by developing automated security testing utilizing enterprise SAST, DAST, and code-review tools
- Assess and improve security posture of cloud-based infrastructure
- Create and manage security procedure documentation
- Evangelize security best practices and provide education and awareness to company employees
- Participate in security incident handling activities
- Evaluate and continuously improve the maturity of the security program through deployment and management of various GRC tools and processes e.g. Hyperproof
- Creating connections between tools using APIs
- Knowledge of data tools for visualization purposes e.g. Looker
Desired Skills and Attributes
- 1-3+ years as a security analyst or similar role working in security audit, compliance, information security operations, or security consulting
- 1-3 years of experience with cloud security best practices
- Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of: PCI, SOC2, HITRUST, ISO 27001/2, or similar
- Designing and testing security controls, as well as documenting related risk findings and activities
- Working with external auditors or assessors and facilitating evidence and information gathering from internal stakeholders
- Understanding of how to achieve compliance objectives in a cloud native environment
- Comfortable taking ownership of projects and showcasing key accomplishments
- Strives for continued learning opportunities to build upon craft
- Values correctness and efficiency and has an exceptional eye for detail
- Ability to work quickly and independently with minimal oversight
- Ability to work under pressure and multitask in a fast-paced start-up environment
- Desire to accept feedback and constructive criticism
- Holds a Cybersecurity certification or in process of achieving one, e.g. CISA, CEH, Security+, etc.
Life at TripleLift
At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.
Learn more about TripleLift and our culture by visiting our LinkedIn Life page.
Diversity, Equity, Inclusion and Accessibility at TripleLift
At TripleLift, we believe in the power of diversity, equity, inclusion and accessibility. Our culture enables individuals to share their uniqueness and contribute as part of a team. With our DE&I initiatives, TripleLift is a place that works for you, and where you can feel a sense of belonging and support. At TripleLift, we will consider and champion all qualified applicants for employment without regard to race, creed, color, religion, national origin, sex, age, disability, sexual orientation, gender identity, gender expression, genetic predisposition, veteran, marital, or any other status protected by law. TripleLift is proud to be an equal opportunity employer.
Learn more about our DEI efforts at https://triplelift.com/diversity-equity-and-inclusion/
TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.