Information Security Engineer
WHO WE ARE:
The Trade Desk is leading the way to the future of marketing by changing how advertising is bought and sold. Working with the largest brands and agencies around the world, our technology platform helps consumers discover products they want by enabling advertisers to target and reach them on the right channels at the right time.
Employees join The Trade Desk to discover opportunity, contribute to our customers’ success, and be part of building the future of marketing. You’ll work with creative, compassionate, and collaborative colleagues that share a passion for making the internet better for all – a combination that simply can't be beat.
When you join The Trade Desk, you’re joining a family. We have open space work environments, adjustable sitting/standing desks, and a celebrated open-door policy (at all levels) that can inspire out-of-the-box solutions and camaraderie among your coworkers. The competitive compensation packages, full benefits, stock options, and additional discounted stock purchase opportunities, catered lunches, and offsite team building activities may cause slight to severe jealousy among your peers.
WHO WE ARE LOOKING FOR:
You are an elite Information Security professional with several years of experience in systems, networks and/or application security. Your experience also includes navigating complex security and compliance initiatives such as Sarbanes-Oxley IT General Controls, SSAE-16/18 SOC 1 & 2, and the Payment Card Industry Data Security Standard (PCI-DSS). You stay on top of the latest information security trends, risks and countermeasures. You love not only defining security policies, standards and procedures, but developing and directly implementing security solutions at scale. You have excellent communications skills that go beyond “tech talk” and can translate complex technical matters to those without a technical background.
WHAT YOU WILL BE DOING:
The Information Security Engineer will be an integral part of our growing Information Security Team in Ventura, California and will report to our Director, Information Security. Together with the rest of the team, you will support information security and compliance initiatives throughout the enterprise and will work multi-functionally with key partners throughout the organization. With the goal of protecting The Trade Desk’s systems, networks and data, your contributions to the team and company will include:
- Planning, implementing, managing, monitoring and upgrading security measures for the protection of The Trade Desk’s networks, systems, users and data.
- Implementing, managing and monitoring security controls from various compliance frameworks such as SOX IT General Controls, SSAE-16/18, ISO 27001/2 and PCI-DSS.
- Automating the implementation, management and monitoring of the above mentioned security controls.
- Responding to and investigating potential and confirmed security incidents. Identifying unauthorized access or processes, containing and eradicating them, and documenting the entire incident response process.
- Performing vulnerability scans and penetration tests to probe The Trade Desk’s networks and systems for vulnerabilities. Building and executing prioritized remediation plans to remediate any findings.
- Coordinating external penetration testing engagements with third-party security service providers. Executing advised remediation plans to address any findings.
- Supporting the ongoing development of the Governance, Compliance and Risk Management programs.
- Establishing, implementing and auditing security standards for the secure management of The Trade Desk’s networks and systems.
- Performing daily administrative tasks, reporting and communicating globally with other groups at The Trade Desk.
- Promoting security awareness and cultivating employees’ adoption of information security standard methodologies.
- Participating in special projects and duties as required.
WHAT YOU BRING TO THE TABLE:
- At least 5+ years of full-time work experience in network, systems or application engineering with at least 2+ of those years being focused on information security
- A proven track record of multitasking with a keen eye for details and the dedication to remain one step ahead of the adversary when it comes to defending systems and networks.
- Strong organizational skills and the ability to thrive in dynamic, high-stress scenarios.
- Direct experience with security technologies such as anti-virus software, intrusion detection systems, firewalls, content filtering and Security Information and Event Management (SIEM) systems.
- Knowledge of risk assessment tools, technologies and methods.
- Experience crafting secure networks, systems and application architectures in cloud, virtual and physical environments.
- Knowledge of disaster recovery, computer forensic tools, technologies and methods.
- Familiarity with common Information Security and Information Technology frameworks and standards, such as COBIT and ITIL.
- Ability to transform abstract regulatory requirements into cohesive compliance actions.
- Ability to collaborate in a team setting, as well as work independently
- Conceptual understanding of software development methodologies
- A degree in Computer Science, IT, Systems Engineering is a plus.
- Information Security certifications are a plus (i.e. CISSP, CEH, CISM, CompTIA Security+, SANS GIAC Certifications, etc.)
The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.