Staff Security Engineer

We shaped the earliest forms of ad tech, and we’re looking for the technical expertise to help shape its future. Our customers have unique problems that can only be solved at internet scale, and that’s where the technical skills of our team make a real difference. 

Our exchange handles over 500 billion requests every day (for comparison Google serves an estimated 9 billion searches a day), all running in our own global data centers. Every member of our technology team has an enormous amount of autonomy in building and managing our systems to support and enable our growing level of scale. Through the transparency of our technology, dedication to innovation and integrity, and long-standing customer relationships, we lead through change. 

What’s it like to work at Index? 

We have more than 550 Indexers around the globe dedicated to building a safe and transparent marketplace that provides a trusted experience for consumers. 

Index is an exciting and fast-paced place to work. We’re built on our values of change, support, learning and teaching, trust, and intention. We pride ourselves on our independence and openness, not only in our technology, but in our teams, too. Our diverse and inclusive culture celebrates how we can leverage our unique differences to help drive Index forward. 

Our culture of success is truly supportive and collaborative. In working together across our teams, we’re continually investing in the people and technology to solve the industry’s most complex problems. As we extend the promise of ad tech to every channel, we’re looking for talented engineers to help advance Index, and the industry, forward. 

Are you ready to join the programmatic evolution? 

Index Exchange funds the open web. Content and journalism across the internet are funded through advertising, and we are the engine that helps to make that happen transparently, safely and efficiently. Handling hundreds of billions of auctions per day within milliseconds requires an intense understanding of the exchange and the ecosystem that we live in. 

Our business is growing significantly every year and is poised to grow even faster. Our people and our platforms are the foundation and enabler of that growth. We are significantly expanding our technology teams, and are looking for technologists with a passion for high performance software development, and a drive to deliver software products and platforms that enable and empower industries at a global scale. 

About The Role:

We’re looking for a Staff Security Engineer/ Security Architect to support our growing security team. 

This position reports directly to Director Enterprise Systems and Security based in New York and will work closely with members of the Technology Operations team.

Index’s scale spans the globe, our transactions happen 24x7 in our global data centers, and every second that passes millions of requests are evaluated across our exchange. In order to achieve our mission, global efficiency and reliability are absolutely key, as every millisecond quite literally counts in our business.

What We’re Looking For:

• You are analytically minded - you’re a problem solver. 

• You have strong written and verbal communication skills. You can articulate complex technical topics to diverse audiences. 

• You are highly collaborative – you work across the organization with a variety of stakeholders in order to get the job done. 

• You roll with the punches – you adapt to change. 

• You take ownership.  

Here’s What You’ll be Doing:

• Security Architecture & Design: Lead the design, implementation, and maintenance of scalable and effective security solutions across our global infrastructure, networks, and applications. 

• Threat Modeling & Risk Management: Conduct thorough threat modeling and risk assessments for new and existing systems. Identify vulnerabilities, assess potential impact, and recommend and implement mitigation strategies. 

• Vulnerability Management: Oversee and enhance the vulnerability management program, including scanning, penetration testing, and remediation efforts. 

• Security Operations & Incident Response: Lead and participate in incident response activities, including investigation, containment, eradication, and recovery. Develop and refine incident response plans and playbooks. 

• Tooling & Automation: Develop and implement automated security tools and processes to improve detection, prevention, and response capabilities. 

• Policy & Compliance: Contribute to the development, implementation, and enforcement of security policies, standards, and procedures. Ensure compliance with relevant industry regulations and frameworks (e.g., ISO 27001, SOC 2, NIST, GDPR, PCI DSS). 

• Secure Development Lifecycle (SDLC): Work with software engineering teams to integrate security best practices into the software development lifecycle (SAST/DAST, SBOM, etc).  

• Mentorship & Technical Leadership: Provide technical guidance, mentorship, and subject matter expertise to other engineers and teams. Champion security awareness and best practices across the organization. 

• Research & Evaluation: Stay current with the latest cybersecurity threats, vulnerabilities, attack vectors, and industry best practices. Evaluate and recommend new security technologies and approaches. 

• Collaboration & Communication: Work effectively with cross-functional teams (Engineering, Architecture, IT, Cloud Platform, Legal) to achieve security objectives. Clearly communicate complex security concepts and risks to both technical and non-technical stakeholders. 

 

Here's What You Need:

• Bachelor’s degree or higher in Computer Science, Cyber Security, Engineering, or equivalent experience 

• 8+ years of experience working as a security engineer in a highly distributed, high transaction volume, low latency environment with a proven track record of designing, implementing, and managing complex security solutions in enterprise environments. 

• Strong experience securing both cloud and on-prem environments comprised of a mix of bare metal, virtualized, and containerized workloads.  

• Strong proficiency with OS security hardening (Linux, Windows) 

• Strong understanding of network security (firewalls, IDS/IPS, WAF, VPNs, network segmentation, etc.). 

• Proficiency in application security concepts (OWASP Top 10, secure coding practices, SAST, DAST). 

• Proficiency in one or more scripting languages. 

• Experience with infrastructure-as-code, and infrastructure automation tools (Ansible, Puppet, etc). 

• Experience with identity and access management (IAM) solutions (e.g., SSO, MFA, PAM). 

• Experience with security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) tools. 

• Experience with Endpoint Detection & Response tools (EDR).  

• Experience with vulnerability scanning tools (Nessus, Qualys, etc). 

• Experience performing/leading penetration testing and engagements. 

• Knowledge of encryption technologies and PKI. 
• Understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications. 

Why You’ll Love Working Here:

• Comprehensive health, dental, and vision plans for you and your dependents  
• Paid time off, health days, and personal obligation days plus flexible work schedules  
• Competitive retirement matching plans  
• Equity packages  
• Generous parental leave available to birthing, non-birthing, and adoptive parents  
• Annual well-being allowance plus fitness discounts and group wellness activities    
• Employee assistance program  
• Mental health first aid program that provides an in-the-moment point of contact and reassurance  
• One day of volunteer time off per year and a donation-matching program  
• Bi-weekly town halls and regular community-led team events  
• Multiple resources and programming to support continuous learning
• A workplace that supports a diverse, equitable, and inclusive environment – learn more here 

Equal employment opportunity

At Index Exchange, we believe that successful products are built by teams just as diverse as the audience who uses them. As such, we are committed to equal employment opportunities. We celebrate diversity of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or veteran status. Additionally, we realize that diversity is deeper than any status or classification—diversity is the human experience. For those who show grit, passion, and humility—Index will welcome you.

Accessibility for applicants with disabilities

Index Exchange welcomes and encourages individuals with disabilities to apply to work with us. 

If you require an accommodation, please share the details of your request and any information how we can assist you with the hiring recruiter when they contact you. Index Exchange will make reasonable efforts to ensure accommodation requests are met throughout the recruitment process.

Index Everywhere, Index Anywhere

Our corporate headquarters are in Toronto, with major offices in New York, Montreal, Kitchener, London, San Francisco, and many other global cities. As a major global advertising exchange, we are committed to operating as a tightly knit global team and embracing and empowering talent wherever our colleagues may be. 

 

#LI-ONSITE

#LI-PC1