Manager, Security Engineering

What you'll do

• Lead, grow, mentor, and develop a combined team of Application Security and Platform Security engineers; drive performance, growth, and retention across the function
• Own and evolve The Trade Desk’s Security Engineering strategy, roadmap, and maturity model across both application and platform domains; define and report KPIs that demonstrate measurable improvement in security posture to senior leadership
• Ensure consistency and alignment across application and platform security controls — driving unified standards, shared tooling, and integrated posture outcomes for the enterprise
• Drive shift-left integration of security into the SDLC in partnership with Engineering and Product — including threat modeling, secure design reviews, and the rollout and tuning of SAST, DAST, and SCA tooling
• Mature TTD’s posture management capabilities across cloud and infrastructure — including CSPM, Infrastructure-as-Code scanning, hardening baselines, and configuration management
• Mature TTD’s vulnerability management and remediation orchestration practices — including triage workflows, risk-based prioritization, SLA tracking, and integration with engineering workflows
• Represent the Security Engineering function across the broader organization — Engineering, Product, Compliance, Security Response, and executive leadership — and influence roadmap decisions, resource allocation, and security investment priorities

Requirements

• 7+ years of experience in Information Security or Cybersecurity, with hands-on depth in Application Security and/or Platform/Cloud Security
• 2+ years of experience leading and developing security engineering teams, including hiring, mentoring, performance management, and roadmap ownership
• Experience driving a measurable security maturity program — defining KPIs, reporting to leadership, and demonstrating posture improvement over time
• Experience building programs that apply industry-standard security best practices and reconcile them against business and engineering needs
• Experience managing a security assessment program — including architecture reviews, secure design reviews, threat models, and code/configuration reviews across many product teams
• Experience building security visibility and engagement programs (e.g., Security Champions, security awareness, training) that scale culture and coverage across the organization
• Working knowledge of cloud security, Cloud Security Posture Management (CSPM), and Infrastructure-as-Code scanning across one or more major cloud platforms (AWS, GCP, or Azure)
• Strong understanding of secure software development and deployment practices, including common application security risks and mitigations (e.g., OWASP, CWE)
• Familiarity with common Information Security frameworks and standards such as MITRE ATT&CK, NIST, and ISO 27001/27002
• Excellent written and verbal communication skills — able to translate technical risk into business outcomes for executive audiences and to communicate, influence, and manage expectations directly with engineering teams
• Certifications such as CISSP, CSSLP, GWAPT, OSWE, or cloud security certifications (AWS, GCP, or Azure) are a plus
• Knowledge of PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information is a plus
• Experience in ad tech, large-scale SaaS, or other high-throughput consumer/enterprise platforms is a plus

Tech stack

Benefits