Senior Application Security Engineer

PubMatic (Nasdaq: PUBM) is an independent technology company maximizing customer value by delivering digital advertising’s supply chain of the future.

PubMatic’s sell-side platform empowers the world’s leading digital content creators across the open internet to control access to their inventory and increase monetization by enabling marketers to drive return on investment and reach addressable audiences across ad formats and devices.

Since 2006, our infrastructure-driven approach has allowed for the efficient processing and utilization of data in real time. By delivering scalable and flexible programmatic innovation, we improve outcomes for our customers while championing a vibrant and transparent digital advertising supply chain.

Role & Responsibilities:

• Collaborate closely with engineers and software development teams to ensure that security considerations are integrated into the software development process
• Act as a subject matter expert in secure application development, providing guidance and recommendations for secure coding practices, tools, and techniques
• Lead the implementation of secure coding practices and standards, ensuring the development of secure software
• Conduct security assessments, code reviews, and vulnerability scans to identify and address security weaknesses in applications
• Participate in security incident response efforts, contributing to minimizing the impact of security incidents and facilitating recovery
• Stay updated on emerging threats and trends in application security, applying this knowledge to enhance our security posture proactively
• Collaborate with cross-functional teams to ensure that application security is seamlessly integrated into the software development process
• Set up security tooling and secure defaults to ensure software security best practices
• Perform architecture analysis, threat modeling and technical design reviews of sensitive features and infrastructure
• Triage and recommend solutions for security bugs from tools, third party assessments and external reported bugs
• Participate in Red-Teaming, Blue Teaming exercises
• Work with Partners to execute VAPT exercises
• Understanding of security weaknesses, exploits, attacks, and mitigations
• Experience and enthusiasm for learning about new security products, features, and strategies
• Coding ability. You will sometimes build proofs of concept or implement automation scripts and scan the codes
• Experience with most of the following: Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, Security Code Review
• Provide mentorship and guidance to junior engineers to enhance their understanding of secure coding practices and application security
• Should be able to conduct security awareness sessions and participate in various security campaigns e.g., Phishing campaigns, Hackathon, security bulletins
• Strong analytical and problem-solving skills with the ability to assess and mitigate complex security risks and issues and drive security improvements
• Excellent communication and interpersonal skills to collaborate effectively with teams and articulate security concepts to both technical and non-technical stakeholders
• Identify and help mitigate security issues, misconfigurations, and vulnerabilities related to PubMatic’s infrastructure
• Create security policies, standards, procedures, guidelines
• Drive and participate in different Audits (both Internal and External), RFI’s to support new business initiatives

Desired Qualifications:

• Bachelor’s degree in computer science or related technical field or equivalent practical experience.
• 10+ years of experience with anti-abuse AppSec, threat modeling, and/or secure architecture.
• In-depth knowledge of anti-abuse solutions, cloud, application security, network security, and/or infrastructure security.
• Applied knowledge of securing public and private cloud
• Ability to perform SAST, DAST, SCA, IAAC scans
• Experience performing source code reviews across various languages (e.g. Java, Go, C, Perl, PHP, R, Rust, Ruby etc.)
• Working knowledge of malware detection and best practices
• Ability to assess engineering designs and architecture diagrams for abuse risks
• Ability to assess abuse risks within an application of feature
• Experience communicating abuse risks and roadmaps to senior leadership
• Experience designing and implementing anti-abuse solutions
• Hands-on experience on tools like CheckMarx, Invicti, SonarQube, Dependency Track, Vault is a plus
• Experience contributing to the security anti-abuse community such as presenting at conferences or meetups
• Relevant certifications (e.g., CISSP, OSCP, CEH, ISO27001, COMPTIA Security+, Cloud+ etc.) are a plus.

#LI-DNI

Return to Office: PubMatic employees throughout the global have returned to our offices via a hybrid work schedule (3 days “in office” and 2 days “working remotely”) that is intended to maximize collaboration, innovation, and productivity among teams and across functions. 

Benefits: Our benefits package includes the best of what leading organizations provide, such as stock options, paternity/maternity leave, healthcare insurance, broadband reimbursement. As well, when we’re back in the office, we all benefit from a kitchen loaded with healthy snacks and drinks and catered lunches and much more!

Diversity and Inclusion: PubMatic is proud to be an equal opportunity employer; we don’t just value diversity, we promote and celebrate it. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.