The Trade Desk is changing the way global brands and their agencies advertise
to audiences around the world. How? With a media buying platform that helps
brands deliver a more insightful and relevant ad experience for consumers -
and sets a new standard for global reach, accuracy, and transparency. We
are proud of the culture we have built. We value the unique experiences and
perspectives that each person brings to The Trade Desk, and we are committed
to fostering inclusive spaces where everyone can bring their authentic selves
to work every day.
So, if you are talented, driven, creative, and eager to join a
dynamic, globally-connected team, then we want to talk!
What we do:
We are a consultative security team focused on providing expert guidance,
assessments, and reviews to strengthen application and cloud security. Our
role is to evaluate and improve security across the software development
lifecycle (SDLC), ensuring cloud and datacenter Kubernetes environments
are secure, and security is effectively integrated into DevSecOps practices.
We collaborate with development, DevOps, and cloud teams to advise on best
practices, conduct assessments, and support security initiatives across
engineering functions. Our culture values knowledge-sharing, innovation,
and a proactive approach to identifying and mitigating security risks.
What you'll do:
Conduct security assessments, including threat modeling, code reviews,
and penetration testing.
Develop and integrate security automation within CI/CD pipelines for secure
software delivery.
Develop security best practices for Kubernetes, containerized
applications, and cloud environments.
Collaborate with DevOps and engineering teams to implement secure-by-design
principles and enhance security observability.
Evaluate and deploy security tools for vulnerability management, secrets
management, and runtime protection.
Provide mentorship and guidance to developers on secure coding practices and
security awareness.
Perform security architecture reviews and risk assessments for applications
and cloud services.
Investigate security incidents, perform root cause analysis, and recommend
remediation strategies.
Stay up-to-date with emerging threats, vulnerabilities, and security
technologies to proactively mitigate risks.
Who you are:
Security Specialist: BS degree or equivalent years of experience and 8+
years of related experience in application security, DevSecOps, and cloud
security.
Technical Expert:Expertise in secure software development, penetration
testing, and vulnerability management.
Secure Development:Expertise in code review (C#, Java, JavaScript,
or similar).
Scripting:Familiarity with writing in scripting languages (Python,
Bash, Go, or similar) for automation.
Kubernetes Knowledge:Experience securing Kubernetes and containerized
applications (e.g., Docker, Helm, Istio).
Cloud Security Focus:Hands-on knowledge of AWS, Azure, or GCP
security, including IAM, networking, and compliance frameworks.
Automation Advocate:Proficiency in security automation and tooling
(e.g., SAST, DAST, IaC scanning, secrets management, SIEM, WAFs).
CI/CD Integrator:Experience with modern CI/CD tools (e.g., GitHub
Actions, GitLab CI/CD, Jenkins, ArgoCD) and security integrations.
Risk & Threat Modeler:Understanding of identity and access management,
API security, and authentication mechanisms.
Infrastructure Security:Knowledge of infrastructure-as-code (IaC)
security (e.g., Terraform, AWS CloudFormation, Pulumi).
Values-Driven:You embody our core values:
Vision:Anticipating and addressing future security challenges proactively.
Grit:Persevering through complex security challenges with a problem-solving
mindset.
Agility:Adapting quickly to evolving security threats and industry
advancements.
Generosity:Sharing knowledge and mentoring others to uplift the security
posture of the entire organization.
Openness:Communicating transparently and f stering a culture of trust and
collaboration.
Full-Heartedness:Collaborative and communicative, approaching security
with passion, dedication, and a commitment to excellence.
#LI-TP1The Trade Desk does not accept unsolicited resumes from search firm
recruiters. Fees will not be paid in the event a candidate submitted by a
recruiter without an agreement in place is hired; such resumes will be
deemed the sole property of The Trade Desk. The Trade Desk is an equal
opportunity employer. All aspects of employment will be based on merit,
competence, performance, and business needs. We do not discriminate on the
basis of race, color, religion, marital status, age, national
origin, ancestry, physical or mental disability, medical condition,
pregnancy, genetic information, gender, sexual orientation, gender
identity or expression, veteran status, or any other status protected
under fed
[LA JOBS ONLY] The Trade Desk will consider qualified applicants with
criminal histories for employment in a manner consistent with the requirements
of the Los Angeles Fair Chance Initiative for Hiring, Ordinance No. 184652.
[SF JOBS ONLY] Pursuant to the San Francisco Fair Chance Ordinance, we
will consider for employment qualified applicants with arrest and conviction
records.NY, CO, CA, and WA residents only: In accordance with NY, CO,
CA, and WA law, the range provided is The Trade Desk's reasonable
estimate of the base compensation for this role. The actual amount may differ
based on non-discriminatory factors such as experience, knowledge,
skills, abilities, and location. All employees may be eligible to become
The Trade Desk shareholders through eligibility for stock-based compensation
grants, which are awarded to employees based on company and individual