Information Security Engineer


We are looking to hire an Information Security Engineer to help protect The Trade Desk systems, networks, and data. As a security specialist within the DevOps team, this is a hands-on position with direct operational involvement. You will need to be comfortable reading various types of code to assess security risk, and should have multiple years of experience in systems, network, and/or application security, or a strong interest in this area in a prior SRE/DevOps or software engineering role. You keep abreast of the latest information security trends and risks. You enjoy not only defining information security policy and processes, but directly implementing security solutions at scale. You work well with others and partner with operations engineers and developers to make sure "security is everyone's job." You are pragmatic and realize many "off the shelf" security solutions don't work at a global aggregate scale of millions of requests per second. You have experience with compliance initiatives such as Sarbanes-Oxley, SOC, and PCI.
 
KEY RESPONSIBILITIES:
  • Implement and manage compliance requirements- Automate where possible
  • Incident Response - You can find an unauthorized processes on a Windows or Linux system, identify what the process is doing, and know how to eradicate
  • Work with the Engineering organization to ensure security is “baked in”
  • Act as the expert for operational security initiatives within the Engineering organization
  • Manage network security in physical and cloud environments (firewall rules, router/load-balancer ACLs, AWS security groups)
  • Define, publish, and audit security standards for infrastructure vendors
  • Define and implement a cross-platform software update process that keeps our operating systems and applications up-to-date
  • Perform vulnerability scans to probe The Trade Desk systems and networks for weaknesses and remediate any findings
  • Establish and implement processes to protect the handling of credentials and other secrets throughout The Trade Desk systems and applications
  • Be the operational point of contact for security questionnaires and compliance programs
  • Take on a leadership role in important processes such as Change Management and Incident Management
  • Participate in Scrum methodology along with the rest of the DevOps / SRE team
  • Potential participation in a 24/7 on-call rotation.
REQUIREMENTS:
  • 5+ years working with systems at high-scale and at least 2 years of information security focus
  • Information Security certifications or related curriculum
  • Experience with both physical and cloud infrastructure
  • Experience with compliance programs such as Sarbanes-Oxley, PCI, or SOC is a big plus
  • The ability to pass our DevOps coding exercise using the language of your choice
  • The ability to review C# and JavaScript code for OWASP Top 10 vulnerabilities
  • Knowledge of TCP/IP fundamentals
  • Experience with configuration management tools is a plus. We use Chef, but Puppet, Salt, or Ansible experience is okay, too
  • Experience with Agile methodologies and a rapid development cycle
  • Experience with 2 or more of the following tools or similar: Metasploit, Nessus, Splunk, Burp Proxy, SonarQube
  • Cross-platform experience with both Windows and Linux
  • Self-motivation

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without a contract in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.


Help build the future of digital advertising.

View Opportunities View our awards.