Information Security Engineer
WHO WE ARE LOOKING FOR:
WHAT YOU WILL BE DOING:
- Implement and manage compliance requirements - Automate where possible
- Incident Response - You can find an unauthorized process on a Windows or Linux system, identify what the process is doing, and know how to eradicate it
- Work with the Engineering organization to ensure security is “baked in”
- Act as the expert for operational security initiatives within the Engineering organization
- Manage network security in physical and cloud environments (firewall rules, router/load-balancer ACLs, AWS security groups)
- Define, publish, and audit security standards for infrastructure vendors
- Define and implement a cross-platform software update process that keeps our operating systems and applications up-to-date
- Perform vulnerability scans to probe The Trade Desk systems and networks for weaknesses and remediate any findings
- Establish and implement processes to protect the handling of credentials and other secrets throughout The Trade Desk systems and applications
- Be the operational point of contact for security questionnaires and compliance programs
- Take on a leadership role in important processes such as Change Management and Incident Management
- Participate in Scrum methodology along with the rest of the DevOps / SRE team
- Potential participation in a 24/7 on-call rotation
WHAT YOU BRING TO THE TABLE:
- 5+ years working with systems at high-scale and at least 2 years of information security focus
- Information Security certifications or related curriculum
- Experience with both physical and cloud infrastructure
- Experience with compliance programs such as Sarbanes-Oxley, PCI, or SOC is a big plus
- The ability to pass our DevOps coding exercise using the language of your choice
- The ability to review C# and JavaScript code for OWASP Top 10 vulnerabilities
- Knowledge of TCP/IP fundamentals
- Experience with configuration management tools is a plus. We use Chef, but Puppet, Salt, or Ansible experience is okay, too
- Experience with Agile methodologies and a rapid development cycle
- Experience with 2 or more of the following tools or similar: Metasploit, Nessus, Splunk, Burp Proxy, SonarQube
- Cross-platform experience with both Windows and Linux
- Self-motivation
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without a contract in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.