Senior Application Security Engineer

See more jobs from The Trade Desk Inc

4 months old

Apply Now

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers –– and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally-connected team, then we want to talk!

What We Do 

Cybersecurity at The Trade Desk strives to protect the people, process, and technology used to further our goals for the open internet using hybrid infrastructure that includes major public clouds (Amazon Web Services, Azure, Google Cloud Platform) and on-premise systems in data centers around the world. 

What You’ll Do 

We are looking for an experienced Application Security Engineer specialising in Java web applications with strong expertise in OIDC and OAuth2. This role will work embedded with the OpenPass team contributing to: 

  • Threat models, design, implementation, and management of security measures for OpenPass applications, ensuring that they are robust and trustworthy. 
  • Reviews and validations that OIDC and OAuth2 protocols are implemented correctly, ensuring secure authentication and authorization processes. 
  • Secure cloud infrastructure, ensuring adherence to security best practices for public cloud environments such as AWS. 
  • Design, implementation, reviews and management of Kubernetes infrastructure to ensure the protection of containerized workloads and application data. 
  • Secure deployment pipelines by integrating security check and controls within CI/CD processes to ensure safe and reliable infrastructure deployment and software releases. 
  • Regular security assessments, code reviews, and penetration tests to identify and mitigate security vulnerabilities in our applications. 
  • Development and enforcement of security best practices and standards for web applications and APIs, ensuring compliance with industry specifications, regulations, and compliance policies. 
  • Maintaining comprehensive documentation of security decisions, procedures, configurations, and assessment reports. 
  • Security training sessions for developers and other stakeholders to promote a culture of security awareness within the organisation. 

Who You Are 

  • Experience: minimum of 5 years of experience in application security, with a focus on JavaScript and Java web applications. 
  • Experience with secure coding practices and threat modeling. 
  • Strong expertise in OIDC and OAuth2 protocols, including implementation and management. 
  • Proficiency in Java programming and related frameworks (e.g. Spring, Vert.X) 
  • Familiarity with cloud security and container security (e.g. AWS, Kubernetes) 
  • Experience with security tools and technologies (e.g. static and dynamic analysis, SIEM, WAF) 
  • Ability to work independently and as part of a team. 
  • Strong communication and collaboration skills 
  • Attention to detail and a proactive approach to security. 

 

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.