Job Specifications
At Index Exchange, we’re reinventing how digital advertising works—at scale. As a global advertising supply-side platform, we empower the world’s leading media owners and marketers to thrive in a programmatic, privacy-first ecosystem.
We’re a proud industry pioneer with over 20 years of experience accelerating the ad technology evolution. Our proprietary tech is trusted by some of the world’s largest brands and media owners and plays a crucial role in keeping the internet open, accessible, and largely free.
We process more than 550 billion real-time auctions every day (in comparison, Google processes 8.5 billion searches per day) with ultra-low latency. Our platform is vertically integrated from servers to networks and runs primarily on our own metal and cloud infrastructure. This end-to-end infrastructure is designed to provide both stability and agility, enabling us to adapt quickly as the market evolves.
At the core of it all is our engineering-first culture. Our engineers tackle internet-scale problems across tight-knit, global teams. From moving petabytes of data and optimizing with AI to making real-time infrastructure decisions, Indexers have the agency and influence to shape the future of advertising. We move fast, build thoughtfully, and stay grounded in our core values.
About The Role
We’re looking for a Staff Security Engineer/Security Architect to support our growing security team.
This position reports directly to the Director Enterprise Systems and Security, based in New York, and will work closely with members of the Technology Operations team.
What We’re Looking For
You are analytically minded - you’re a problem solver.
You have strong written and verbal communication skills. You can articulate complex technical topics to diverse audiences.
You are highly collaborative – you work across the organization with a variety of stakeholders in order to get the job done.
You roll with the punches – you adapt to change.
You take ownership.
Here’s What You’ll Be Doing
Security Architecture & Design: Lead the design, implementation, and maintenance of scalable and effective security solutions across our global infrastructure, networks, and applications.
Threat Modeling & Risk Management: Conduct thorough threat modeling and risk assessments for new and existing systems. Identify vulnerabilities, assess potential impact, and recommend and implement mitigation strategies.
Vulnerability Management: Oversee and enhance the vulnerability management program, including scanning, penetration testing, and remediation efforts.
Security Operations & Incident Response: Lead and participate in incident response activities, including investigation, containment, eradication, and recovery. Develop and refine incident response plans and playbooks.
Tooling & Automation: Develop and implement automated security tools and processes to improve detection, prevention, and response capabilities.
Policy & Compliance: Contribute to the development, implementation, and enforcement of security policies, standards, and procedures. Ensure compliance with relevant industry regulations and frameworks (e.g., ISO 27001, SOC 2, NIST, GDPR, PCI DSS).
Secure Development Lifecycle (SDLC): Work with software engineering teams to integrate security best practices into the software development lifecycle (SAST/DAST, SBOM, etc.).
Mentorship & Technical Leadership: Provide technical guidance, mentorship, and subject matter expertise to other engineers and teams. Champion security awareness and best practices across the organization.
Research & Evaluation: Stay current with the latest cybersecurity threats, vulnerabilities, attack vectors, and industry best practices. Evaluate and recommend new security technologies and approaches.
Collaboration & Communication: Work effectively with cross-functional teams (Engineering, Architecture, IT, Cloud Platform, Legal) to achieve security objectives. Clearly communicate complex security concepts and risks to both technical and non-technical stakeholders.
Here's What You Need
Bachelor’s degree or higher in Computer Science, Cyber Security, Engineering, or equivalent experience
8+ years of experience working as a security engineer in a highly distributed, high transaction volume, low latency environment with a proven track record of designing, implementing, and managing complex security solutions in enterprise environments.
Strong experience securing both cloud and on-prem environments comprised of a mix of bare metal, virtualized, and containerized workloads.
Strong proficiency with OS security hardening (Linux, Windows)
Strong understanding of network security (firewalls, IDS/IPS, WAF, VPNs, network segmentation, etc.).
Proficiency in application security concepts (OWASP Top 10, secure coding practices, SAST, DAST).
Proficiency in one or more scripting languages.
Experience with infrastructure-as-code and infrastructure automation tools (Ansible, Puppet, etc.).
Experience with identity and access ma