Manager, Security Engineering

What You'll Do:

• Lead, grow, mentor, and develop a combined team of Application Security and Platform Security engineers; drive performance, growth, and retention across the function.
• Own and evolve The Trade Desk’s Security Engineering strategy, roadmap, and maturity model across both application and platform domains; define and report KPIs that demonstrate measurable improvement in security posture to senior leadership.
• Ensure consistency and alignment across application and platform security controls—driving unified standards, shared tooling, and integrated posture outcomes for the enterprise.
• Drive shift-left integration of security into the SDLC in partnership with Engineering and Product—including threat modeling, secure design reviews, and the rollout and tuning of SAST, DAST, and SCA tooling.
• Mature TTD’s posture management capabilities across cloud and infrastructure—including CSPM, Infrastructure-as-Code scanning, hardening baselines, and configuration management.
• Mature TTD’s vulnerability management and remediation orchestration practices—including triage workflows, risk‑based prioritization, SLA tracking, and integration with engineering workflows.
• Represent the Security Engineering function across the broader organization—Engineering, Product, Compliance, Security Response, and executive leadership—and influence roadmap decisions, resource allocation, and security investment priorities.

• 7+ years of experience in Information Security or Cybersecurity, with hands‑on depth in Application Security and/or Platform/Cloud Security.
• 2+ years of experience leading and developing security engineering teams, including hiring, mentoring, performance management, and roadmap ownership.
• Experience driving a measurable security maturity program—defining KPIs, reporting to leadership, and demonstrating posture improvement over time.
• Experience building programs that apply industry‑standard security best practices and reconcile them against business and engineering needs.
• Experience managing a security assessment program—including architecture reviews, secure design reviews, threat models, and code/configuration reviews across many product teams.
• Experience building security visibility and engagement programs (e.g., Security Champions, security awareness, training) that scale culture and coverage across the organization.
• Working knowledge of cloud security, Cloud Security Posture Management (CSPM), and Infrastructure-as-Code scanning across one or more major cloud platforms (AWS, GCP, or Azure).
• Strong understanding of secure software development and deployment practices, including common application security risks and mitigations (e.g., OWASP, CWE).
• Familiarity with common Information Security frameworks and standards such as MITRE ATT&CK, NIST, and ISO 27001/27002.
• Excellent written and verbal communication skills—able to translate technical risk into business outcomes for executive audiences and to communicate, influence, and manage expectations directly with engineering teams.
• Certifications such as CISSP, CSSLP, GWAPT, OSWE, or cloud security certifications (AWS, GCP, or Azure) are a plus.
• Knowledge of PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information is a plus.
• Experience in ad tech, large‑scale SaaS, or other high‑throughput consumer/enterprise platforms is a plus.

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs.

We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

[LA JOBS…