AppSec Jobs

Nexxen

Director of Engineering, Security

New York, NY

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Nexxen

Amobee is a demand-side platform (DSP) integrated into Nexxen, focusing on enhancing advertising outcomes for brands, agencies, and media companies across TV, Connected TV (CTV), and digital media. As part of Nexxen's unified brand portfolio, Amobee contributes to a cohesive platform that bridges buy- and sell-sides, leveraging advanced data to optimize media spend and campaign effectiveness. The platform offers tools for audience development and discovery, cross-channel performance optimization, and comprehensive campaign lifecycle management. Amobee utilizes automatic content recognition (ACR) data and exclusive datasets to improve targeting and reduce waste, ensuring superior performance in premium content. It also integrates with Nexxen's supply-side platform and ad server, providing a complete solution for advertising needs in converged linear and CTV environments.

Industry

marketing & advertising

Employees

860

40 engineers

Revenue

$376M


Security at Nexxen

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Stated AppSec Mission: Lead the application security roadmap and embed security in SDLC/CI-CD and the software supply chain.

Developer Enablement vs. Gatekeeping: Passionate about developer enablement, coaching, and advocacy.

Risk Philosophy: Drive secure SDLC adoption: threat modeling, secure coding standards, SAST/DAST/SCA, and CI/CD gating.

Stated Pain Points or Goals: Run and tune SAST/DAST/SCA with policy-as-code; SLA-based vuln remediation.

Gaps & Contradictions: Information not publicly available -- direct public statements describing tensions or contradictions within AppSec philosophy.

Security Team

Org Structure & Reporting Line: This role leads Security Engineering domains, including Application Security/DevSecOps, Cloud/Infrastructure Security, Identity & Data Security, and Compliance/SOC integration. Chair the Weekly Security Council; represent Security in the Architecture Review Board.

Key Public-Facing Leaders: Chief Executive Officer, Chief Technology Officer, Chief Product Officer.

Team Size Estimate (as_of:): Information not publicly available -- no public headcount for AppSec specifically.

LinkedIn Search Query Used: "site:linkedin.com Nexxen security" (geo: global). Result: Information not publicly available (no aggregated public headcount for AppSec found).

Active AppSec Job Postings (as_of:): Count: 2 (Director of Engineering, Security; Senior Application Security Engineer).

Common Skill/Tool Patterns: SAST/DAST/SCA (CodeQL, Semgrep, Snyk, ZAP/Burp). Embed policy-as-code (OPA/Conftest/Regula). Web/API protections (AWS WAF/Cloudflare).

Gaps & Contradictions: Information not publicly available -- no org chart or public reporting line showing AppSec's direct manager beyond job-role descriptions.

Key Initiatives

Security Champions Program: Build a high-performing, globally distributed security organization and Security Champions program.

"Shift Left" in Practice: Drive secure SDLC adoption: threat modeling, secure coding standards, SAST/DAST/SCA, and CI/CD gating. Run and tune SAST/DAST/SCA with policy-as-code.

Vulnerability Management Process Intake: Run and tune SAST/DAST/SCA with policy-as-code.

Vulnerability Management Process Triage/Remediation: Establish SLAs/SLOs for vulnerability remediation, incident response, and control health.

Vulnerability Management Process Ticketing ownership specifics (e.g., Jira assignment workflows, MTTR targets in days): Information not publicly available.

Secure SDLC Artifacts: Drive secure SDLC adoption: threat modeling, secure coding standards, SAST/DAST/SCA, and CI/CD gating. Embed policy-as-code (OPA/Conftest/Regula) and supply-chain protections (SBOM, signing, provenance) into pipelines.

Recent Initiatives: Lead AI Security Council (monthly) and AI Ethics Board (quarterly); build a high-performing, globally distributed security organization and Security Champions program.

Gaps & Contradictions: Information not publicly available -- operational runbooks, precise SLAs for remediation timelines, or published vulnerability triage playbooks were not found in public sources.
