Staff Security Engineer

We shaped the earliest forms of ad tech and were looking for the technical expertise to help shape its future. Our customers have unique problems that can only be solved at internet scale and thats where the technical skills of our team make a real difference.

Our exchange handles over 500 billion requests every day (for comparison Google serves an estimated 9 billion searches a day) all running in our own global data centers. Every member of our technology team has an enormous amount of autonomy in building and managing our systems to support and enable our growing level of scale. Through the transparency of our technology dedication to innovation and integrity and long-standing customer relationships we lead through change.

Whats it like to work at Index

We have more than 550 Indexers around the globe dedicated to building a safe and transparent marketplace that provides a trusted experience for consumers.

Index is an exciting and fast-paced place to work. Were built on our values of change support learning and teaching trust and intention. We pride ourselves on our independence and openness not only in our technology but in our teams too. Our diverse and inclusive culture celebrates how we can leverage our unique differences to help drive Index forward.

Our culture of success is truly supportive and collaborative. In working together across our teams were continually investing in the people and technology to solve the industrys most complex problems. As we extend the promise of ad tech to every channel were looking for talented engineers to help advance Index and the industry forward.

Are you ready to join the programmatic evolution

Index Exchange funds the open web. Content and journalism across the internet are funded through advertising and we are the engine that helps to make that happen transparently safely and efficiently. Handling hundreds of billions of auctions per day within milliseconds requires an intense understanding of the exchange and the ecosystem that we live in.

Our business is growing significantly every year and is poised to grow even faster. Our people and our platforms are the foundation and enabler of that growth. We are significantly expanding our technology teams and are looking for technologists with a passion for high performance software development and a drive to deliver software products and platforms that enable and empower industries at a global scale.

About The Role:

Were looking for a Staff Security Engineer/ Security Architect to support our growing security team.

This position reports directly to Director Enterprise Systems and Security based in New Yorkand will work closely with members of the Technology Operations team.

Indexs scale spans the globe our transactions happen 24x7 in our global data centers and every second that passes millions of requests are evaluated across our exchange. In order to achieve our mission global efficiency and reliability are absolutely key as every millisecond quite literally counts in our business.

What Were Looking For:

• You are analytically minded - youre a problem solver.

• You have strong written and verbal communication skills. You can articulate complex technical topics to diverse audiences.

• You are highly collaborative you work across the organization with a variety of stakeholders in order to get the job done.

• You roll with the punches you adapt to change.

• You take ownership.

Heres What Youll be Doing:

• Security Architecture & Design: Lead the design implementation and maintenance of scalable and effective security solutions across our global infrastructure networks and applications.

• Threat Modeling & Risk Management: Conduct thorough threat modeling and risk assessments for new and existing systems. Identify vulnerabilities assess potential impact and recommend and implement mitigation strategies.

• Vulnerability Management: Oversee and enhance the vulnerability management program including scanning penetration testing and remediation efforts.

• Security Operations & Incident Response: Lead and participate in incident response activities including investigation containment eradication and recovery. Develop and refine incident response plans and playbooks.

• Tooling & Automation: Develop and implement automated security tools and processes to improve detection prevention and response capabilities.

• Policy & Compliance: Contribute to the development implementation and enforcement of security policies standards and procedures. Ensure compliance with relevant industry regulations and frameworks (e.g. ISO 27001 SOC 2 NIST GDPR PCI DSS).

• Secure Development Lifecycle (SDLC): Work with software engineering teams to integrate security best practices into the software development lifecycle (SAST/DAST SBOM etc).

• Mentorship & Technical Leadership: Provide technical guidance mentorship and subject matter expertise to other engineers and teams. Champion security awareness and best practices across the organization.

• Research & Evaluation: Stay current with the latest cybersecurity threats vulnerabilities attack vectors and industry best practices. Evaluate and recommend new security technologies and approaches.

• Collaboration & Communication: Work effectively with cross-functional teams (Engineering Architecture IT Cloud Platform Legal) to achieve security objectives. Clearly communicate complex security concepts and risks to both technical and non-technical stakeholders.

Heres What You Need:

• Bachelors degree or higher in Computer Science Cyber Security Engineering or equivalent experience

• 8 years of experience working as a security engineer in a highly distributed high transaction volume low latency environment with a proven track record of designing implementing and managing complex security solutions in enterprise environments.

• Strong experience securing both cloud and on-prem environments comprised of a mix of bare metal virtualized and containerized workloads.

• Strong proficiency with OS security hardening (Linux Windows)

• Strong understanding of network security (firewalls IDS/IPS WAF VPNs network segmentation etc.).

• Proficiency in application security concepts (OWASP Top 10 secure coding practices SAST DAST).

• Proficiency in one or more scripting languages.

• Experience with infrastructure-as-code and infrastructure automation tools (Ansible Puppet etc).

• Experience with identity and access management (IAM) solutions (e.g. SSO MFA PAM).

• Experience with security information and event management (SIEM) systems and security orchestration automation and response (SOAR) tools.

• Experience with Endpoint Detection & Response tools (EDR).

• Experience with vulnerability scanning tools (Nessus Qualys etc).

• Experience performing/leading penetration testing and engagements.

• Knowledge of encryption technologies and PKI.
• Understanding of containerization and orchestration technologies (e.g. Docker Kubernetes) and their security implications.

Why Youll Love Working Here:

• Comprehensive health dental and vision plans for you and your dependents
• Paid time off health days and personal obligation days plus flexible work schedules
• Competitive retirement matching plans
• Equity packages
• Generous parental leave available to birthing non-birthing and adoptive parents
• Annual well-being allowance plus fitness discounts and group wellness activities
• Employee assistance program
• Mental health first aid program that provides an in-the-moment point of contact and reassurance
• One day of volunteer time off per year and a donation-matching program
• Bi-weekly town halls and regular community-led team events
• Multiple resources and programming to support continuous learning
• A workplace that supports a diverse equitable and inclusive environment learn more here

Equal employment opportunity

At Index Exchange we believe that successful products are built by teams just as diverse as the audience who uses them. As such we are committed to equal employment opportunities. We celebrate diversity of race color ancestry religion sex national origin sexual orientation age citizenship marital status disability gender identity or expression or veteran status. Additionally we realize that diversity is deeper than any status or classificationdiversity is the human experience. For those who show grit passion and humilityIndex will welcome you.

Accessibility for applicants with disabilities

Index Exchange welcomes and encourages individuals with disabilities to apply to work with us.

If you require an accommodation pleasesharethe details of your request and any information how we can assist you with thehiring recruiter when they contact you. Index Exchange will make reasonable efforts toensure accommodation requests are metthroughoutthe recruitment process.

Index Everywhere Index Anywhere

Our corporate headquarters are in Toronto with major offices in New York Montreal Kitchener London San Francisco and many other global cities. As a major global advertising exchange we are committed to operating as a tightly knit global team and embracing and empowering talent wherever our colleagues may be.

#LI-ONSITE

#LI-PC1