Staff Application Security Engineer

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers –– and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally-connected team, then we want to talk!

What we do:

We are a consultative security team focused on providing expert guidance, assessments, and reviews to strengthen application and cloud security. Our role is to evaluate and improve security across the software development lifecycle (SDLC), ensuring cloud and datacenter Kubernetes environments are secure, and security is effectively integrated into DevSecOps practices. We collaborate with development, DevOps, and cloud teams to advise on best practices, conduct assessments, and support security initiatives across engineering functions. Our culture values knowledge-sharing, innovation, and a proactive approach to identifying and mitigating security risks.

What you'll do:

• Conduct security assessments, including threat modeling, code reviews, and penetration testing.
• Develop and integrate security automation within CI/CD pipelines for secure software delivery.
• Develop security best practices for Kubernetes, containerized applications, and cloud environments.
• Collaborate with DevOps and engineering teams to implement secure-by-design principles and enhance security observability.
• Evaluate and deploy security tools for vulnerability management, secrets management, and runtime protection.
• Provide mentorship and guidance to developers on secure coding practices and security awareness.
• Perform security architecture reviews and risk assessments for applications and cloud services.
• Investigate security incidents, perform root cause analysis, and recommend remediation strategies.
• Stay up-to-date with emerging threats, vulnerabilities, and security technologies to proactively mitigate risks.

Who you are: 

• Security Specialist:BS degree or equivalent years of experience and 8+ years of related experience in application security, DevSecOps, and cloud security.

• Technical Expert: Expertise in secure software development, penetration testing, and vulnerability management.
• Secure Development: Expertise in code review (C#, Java, JavaScript, or similar).
• Scripting: Familiarity with writing in scripting languages (Python, Bash, Go, or similar) for automation.
• Kubernetes Knowledge: Experience securing Kubernetes and containerized applications (e.g., Docker, Helm, Istio).
• Cloud Security Focus: Hands-on knowledge of AWS, Azure, or GCP security, including IAM, networking, and compliance frameworks.
• Automation Advocate: Proficiency in security automation and tooling (e.g., SAST, DAST, IaC scanning, secrets management, SIEM, WAFs).
• CI/CD Integrator: Experience with modern CI/CD tools (e.g., GitHub Actions, GitLab CI/CD, Jenkins, ArgoCD) and security integrations.
• Risk & Threat Modeler: Understanding of identity and access management, API security, and authentication mechanisms.
• Infrastructure Security: Knowledge of infrastructure-as-code (IaC) security (e.g., Terraform, AWS CloudFormation, Pulumi).

Values-Driven: You embody our core values:

• Vision: Anticipating and addressing future security challenges proactively.
• Grit: Persevering through complex security challenges with a problem-solving mindset.
• Agility: Adapting quickly to evolving security threats and industry advancements.
• Generosity: Sharing knowledge and mentoring others to uplift the security posture of the entire organization.
• Openness: Communicating transparently and fostering a culture of trust and collaboration.
• Full-Heartedness: Collaborative and communicative, approaching security with passion, dedication, and a commitment to excellence.

#LI-TP1

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

[LA JOBS ONLY] The Trade Desk will consider qualified applicants with criminal histories for employment in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring, Ordinance No. 184652.

[SF JOBS ONLY] Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.