Security Architect
As a Security Engineer at OpenX you will be a key member of the Security Engineering team, who will provide expertise in designing, engineering, building, and deploying security solutions in support of enterprise-level initiatives. Security Engineers work hands-on with our software engineers and operations teams to proactively identify and address security risks. Using your industry experience, you will also work to secure our solutions, monitor our enterprise environment for intrusions, resolve incidents and develop best security practices.
The ideal candidate will share our passion for engineering solutions to complex security problems, while minimizing employee friction and maximizing productivity.
Key Responsibilities
- Contributes to the planning, design, and engineering of security solutions across the company
- Automates security controls to improve their effectiveness and efficiency
- Provides information security consultation and support for business and technology organizations within the company
- Develops and tests security procedures
- Develops security incident response plans and playbooks
- Monitors for and responds to information security incidents including internal and external threats
- Implements and utilizes tools for handling security incidents (e.g., forensic toolkits, IDS/IPS, threat monitoring tools)
- Creates and maintains incident documentation, participate in post-mortems, write incident reports, and provide recommendations.
- Performs security risk assessments to identify and implement security solutions and controls
- Supports product development by integrating security and compliance into SDLC
- Assists developers in performing static and dynamic code analysis
- Performs penetration testing of OpenX network and systems
- Implements and supports vulnerability assessment tools
- Works with other teams on prioritizing and addressing vulnerabilities
- Develops and maintains secure configuration standards
- Performs periodic configuration reviews of network devices and systems
- Deploys and utilizes SIEM tools for collecting and monitoring event logs for security events and anomalies
- Provides reviews and approvals for firewall rules and ACLs changes
- Monitors security tools (e.g. Web Application Firewalls, anti malware tools) and responses to security events
- Develops training materials to educate OpenX workforce members on best security practices
- Keeps up to date on information security threats and countermeasures
- Responds to client security questionnaires and audits
- Participates in the RFP and contracting processes
Required Qualifications
- 6+ years of experience information security, risk management, or compliance
- Bachelor’s degree in Computer Science or equivalent
- One or more of the following certifications: CISSP, CISM, CISA, CEH, CIPP, CRISC, CGEIT, PCIP required
- Experience supporting remote security infrastructure for a global company
- Strong knowledge of encryption tools and methodologies, Intrusion Detection and Intrusion Prevention Systems (IDS/IPS), authorization and authentication protocols and solutions (SSO, OAuth/OAuth2, SAML, OpenID, etc.), Next Generation Firewalls, Web Application Firewalls (WAF), SIEM, malware protection solutions, End-point Detection and Response (EDR) tools
- Hands on experience with latest security solutions and appliances such as Cisco, Juniper, Palo Alto Networks, FireEye, Imperva, Splunk, SumoLogic, Squid Proxy
- Hands on experience with application security tools like SonarQube and Veracode
- Hands on experience with LDAP, Active Directory, GPOs
- Strong understanding of networks and TCP/IP
- Solid hands-on experience with Linux, Windows, and Macintosh security
- Experience with providing secure solutions at various levels of the technology stack including network, systems, data and physical layers
- Strong knowledge of common attacks, attack methods, and defense strategies
- Experience in integrating security and compliance into Agile development life cycle
- Experience supporting SOC audits including implementing, monitoring and managing related controls and coordinating external audit activities
- Experience in identifying, evaluating, and mitigating security and technology risks
- Knowledge of security frameworks, standards, policies and practices – including NIST, ISO 27001, CIS CSC
- Experience creating technical documentation such as policies, standards, procedures, white papers, etc.
- Past experience providing security solutions and maintaining security on PaaS (AWS, Google Cloud, Azure, etc.)
- Past security experience with providing security solutions for global SaaS solutions
- Experience in developing hardening standards for operating systems and network devices
- Experience in investing security incidents including methodologies and forensics tools
- Programming experience is a plus (Erlang, Java, Python, Django)
- Experience in conducting security awareness training
Desired Characteristics
- Excellent written and verbal communication skills
- Ability to clearly communicate security issues and concepts to non-technical people
Company at a Glance
OpenX exists to help publishers grow their businesses by monetizing great content. We do this by creating highly efficient, high quality programmatic advertising marketplaces that deliver optimal value to all buyers and sellers of digital advertising.
Today, OpenX operates one of the largest, most efficient and highest quality programmatic markets in the world. Our unified system also encompasses a complete supply side platform that optimizes revenue across network and real-time bidding (RTB) demand, and a comprehensive ad server.
At OpenX we have built a team that is uniquely experienced in designing and operating high-scale programmatic ad marketplaces. We are constantly looking for thoughtful, creative executors who are as fascinated as we are about finding new ways to apply a blend of market design, technical innovation, operational excellence, and empathetic partner service to the frontiers of digital advertising.
OpenX Values
We are one
Our customers define us
OpenX is mine
We are an open book
We evolve fast