Staff Security Engineer - Toronto - Index Exchange

Description

Join to apply for the Staff Security Engineer role at Index Exchange

2 days ago Be among the first 25 applicants

Join to apply for the Staff Security Engineer role at Index Exchange

At Index Exchange, we're reinventing how digital advertising works—at scale. As a global advertising supply‑side platform, we empower the world's leading media owners and marketers to thrive in a programmatic, privacy‑first ecosystem.

We're a proud industry pioneer with over 20 years of experience accelerating the ad technology evolution. Our proprietary tech is trusted by some of the world's largest brands and media owners and plays a crucial role in keeping the internet open, accessible, and largely free.

We process more than 550 billion real‑time auctions every day (in comparison, Google processes 8.5 billion searches per day) with ultra‑low latency. Our platform is vertically integrated from servers to networks and runs primarily on our own metal and cloud infrastructure. This end‑to‑end infrastructure is designed to provide both stability and agility, enabling us to adapt quickly as the market evolves.

At the core of it all is our engineering‑first culture. Our engineers tackle internet‑scale problems across tight‑knit, global teams. From moving petabytes of data and optimizing with AI to making real‑time infrastructure decisions, Indexers have the agency and influence to shape the future of advertising. We move fast, build thoughtfully, and stay grounded in our core values.

About The Role

We're looking for a Staff Security Engineer / Security Architect to support our growing security team. This position reports directly to Director Enterprise Systems and Security based in New York and will work closely with members of the Technology Operations team.

What We're Looking For

• You are analytically minded – you're a problem solver.
• You have strong written and verbal communication skills. You can articulate complex technical topics to diverse audiences.
• You are highly collaborative – you work across the organization with a variety of stakeholders in order to get the job done.
• You roll with the punches – you adapt to change.
• You take ownership.

Here's What You'll Be Doing

• Security Architecture & Design: Lead the design, implementation, and maintenance of scalable and effective security solutions across our global infrastructure, networks, and applications.
• Threat Modeling & Risk Management: Conduct thorough threat modeling and risk assessments for new and existing systems. Identify vulnerabilities, assess potential impact, and recommend and implement mitigation strategies.
• Vulnerability Management: Oversee and enhance the vulnerability management program, including scanning, penetration testing, and remediation efforts.
• Security Operations & Incident Response: Lead and participate in incident response activities, including investigation, containment, eradication, and recovery. Develop and refine incident response plans and playbooks.
• Tooling & Automation: Develop and implement automated security tools and processes to improve detection, prevention, and response capabilities.
• Policy & Compliance: Contribute to the development, implementation, and enforcement of security policies, standards, and procedures. Ensure compliance with relevant industry regulations and frameworks (ISO 27001, SOC 2, NIST, GDPR, PCI DSS).
• Secure Development Lifecycle (SDLC): Work with software engineering teams to integrate security best practices into the software development lifecycle (SAST/DAST, SBOM, etc).
• Mentorship & Technical Leadership: Provide technical guidance, mentorship, and subject matter expertise to other engineers and teams. Champion security awareness and best practices across the organization.
• Research & Evaluation: Stay current with the latest cybersecurity threats, vulnerabilities, attack vectors, and industry best practices. Evaluate and recommend new security technologies and approaches.
• Collaboration & Communication: Work effectively with cross‑functional teams (Engineering, Architecture, IT, Cloud Platform, Legal) to achieve security objectives. Clearly communicate complex security concepts and risks to both technical and non‑technical stakeholders.

Here's What You Need

• Bachelor's degree or higher in Computer Science, Cyber Security, Engineering, or equivalent experience.
• 8+ years of experience working as a security engineer in a highly distributed, high transaction volume, low latency environment with a proven track record of designing, implementing, and managing complex security solutions in enterprise environments.
• Strong experience securing both cloud and on‑prem environments comprised of a mix of bare metal, virtualized, and containerized workloads.
• Strong proficiency with OS security hardening (Linux, Windows).
• Strong understanding of network security (firewalls, IDS/IPS, WAF, VPNs, network segmentation, etc.).
• Proficiency in application security concepts (OWASP Top 10, secure coding practices, SAST, DAST).
• Proficiency in one or more scripting languages.
• Experience with infrastructure‑as‑code and infrastructure automation tools (Ansible, Puppet, etc.).
• Experience with identity and access management (IAM) solutions (SSO, MFA, PAM).
• Experience with security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) tools.
• Experience with endpoint detection & response (EDR) tools.
• Experience with vulnerability scanning tools (Nessus, Qualys, etc.).
• Experience performing/leading penetration testing and engagements.
• Knowledge of encryption technologies and PKI.
• Understanding of containerization and orchestration technologies (Docker, Kubernetes) and their security implications.

Why You'll Love Working Here

• Comprehensive health, dental, and vision plans for you and your dependents.
• Paid time off, health days, and personal obligation days plus flexible work schedules.
• Competitive retirement matching plans.
• Equity packages.
• Generous parental leave available to birthing, non‑birthing, and adoptive parents.
• Annual well‑being allowance plus fitness discounts and group wellness activities.
• Commuter benefits and discounts, where available.
• Employee assistance program.
• Mental health first aid program that provides an in‑the‑moment point of contact and reassurance.
• One day of volunteer time off per year and a donation‑matching program.
• Bi‑weekly town halls and regular community‑led team events.
• Multiple resources and programming to support continuous learning.
• A workplace that supports a diverse, equitable, and inclusive environment – learn more here.

Equal Employment Opportunity

At Index Exchange, we believe that successful products are built by teams just as diverse as the audience who uses them. As such, we are committed to equal employment opportunities. We celebrate diversity of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or veteran status. Additionally, we realize that diversity is deeper than any status or classification—diversity is the human experience. For those who show grit, passion, and humility—Index will welcome you.

Accessibility For Applicants With Disabilities

Index Exchange welcomes and encourages individuals with disabilities to apply to work with us.

If you require an accommodation, please share the details of your request and any information how we can assist you with the hiring recruiter when they contact you. Index Exchange will make reasonable efforts to ensure accommodation requests are met throughout the recruitment process.

Index Everywhere, Index Anywhere

Our corporate headquarters are in Toronto, with major offices in New York, Montreal, Kitchener, London, San Francisco, and many other global cities. As a major global advertising exchange, we are committed to operating as a tightly knit global team and embracing and empowering talent wherever our colleagues may be.

#J-18808-Ljbffr