Security Engineer 2

About is a leading global ad tech company, building innovative products and solutions for advertisers and publishers. creates the most transparent and efficient path for ad budgets to become publisher revenue, while delivering meaningful value to advertisers, publishers, app developers, and end users across the open web. We are one of the world’s largest independent contextual advertising businesses, with one of the industry’s most comprehensive advertising technology portfolios. powers major publishers and ad-tech platforms across formats, including display, video, mobile, native, search, and local. Our platform manages high-quality ad supply across 500,000+ websites and is licensed by the biggest publishers, ad networks, and technology partners worldwide.Beyond our core advertising business, also operates at scale in performance-driven consumer acquisition, app development and distribution, and strategic technology investments. These efforts are supported by one of the world’s largest independent software development engines, enabling us to innovate rapidly and build products used across global markets. is home to 1,300+ employees, with key operations across North America, Europe, and Asia. Our US headquarters is in New York, and our global headquarters is in Dubai. Across 50+ demand partners, 21K+ publishers, and a growing portfolio of products and services, we take great pride in driving trusted, transparent, and scalable resultsAbout the RoleWe're looking for a Site Security Engineer (SSE) — the /"SRE of security/" — to embed security thinking deeply into our engineering culture. Like an SRE applies reliability principles at scale, you'll apply the same rigor to security: automating detection, hardening infrastructure, eliminating vulnerabilities systematically, and ensuring our platform remains resilient against threats that evolve daily.This is a hands-on, engineering-first role. You'll work alongside SRE and development teams, advise on security tooling and architecture, participate in incident response, and own vulnerability management end-to-end — all within a small, high-trust security team.Key Responsibilities1. Security Engineering & AutomationWrite scripts and automation (Python and/or Bash) to detect, respond to, and reduce security risk at scale — not manual one-off fixesConfigure security tooling integrated into CI/CD pipelines (SAST, DAST, SCA, secrets detection), working alongside SREs who own the pipeline infrastructureAdvise SREs on deployment, configuration, and tuning of open-source security tools (e.g. Falco, Trivy, Wazuh, Nuclei, OpenVAS) based on hands-on familiarity2. Cloud & Container SecurityAssess and harden cloud security configurations — IAM policies, VPC controls, Security Command Center, Cloud Armor, logging and alertingEvaluate and improve container security posture across Docker/Kubernetes workloads — image scanning, runtime detection, privilege controls, network policies3. Vulnerability ManagementOwn vulnerability triage workflows in DefectDojo, applying CVSS and EPSS scoring to prioritize findings meaningfullyCommunicate findings clearly to development teams and collaborate on remediation — translating technical risk into business context without blame4. VAPT & Network SecurityConduct automated and manual VAPT across web applications, APIs, networks, and container workloadsUse tools including Nmap, Burp Suite, Amass, Nuclei, Shodan, Censys, Subfinder Trivy, Metasploit, and Wireshark for testing, and recommend additional tooling where gaps existPerform network security assessments covering firewall rules, segmentation, and exposure analysis5. Incident Response SupportActively support the Incident Response team during security events arising from monitoring and alerting pipelinesInvestigate alerts from SIEM and observability tooling in collaboration with the SOCContribute to post-incident analysis and help close the loop on root causes6. Threat IntelligenceActively track the threat landscape — CVEs, threat actor TTPs, and advisories relevant to adtech, programmatic infrastructure, and open-source dependenciesSurface actionable intelligence to the team before issues become incidentsRequired Skills & Experience4+ years of hands-on security experience — professional, bug bounty, CTF, or lab-based practice all consideredScripting is mandatory — proficiency in Python and/or Bash for automation, tooling, and investigation workflowsStrong working knowledge of cloud security services and configuration hardeningSolid experience with container technologies (Docker, Kubernetes) and associated security practicesProficiency with Nmap, Burp Suite, Amass, Nuclei, Shodan, Censys, Subfinder Trivy, Metasploit, wireshark and a capability to deploy and configure other open-source toolingExperience with DefectDojo or equivalent VM platforms; clear understanding of CVE, CVSS, and EPSS is a bonusComfortable and efficient in both Linux and Windows terminal environments — log parsing, process investigation, system forensicsUnderstanding of CI/CD security — SAST, DAST, SCA, secrets scanning — and the ability to configure those controls even if not owning the pipelineStrong communicator — able to work effectively with SREs, developers, and non-technical stakeholdersNice to HaveFamiliarity with CIS RAM, NIST CSF, and secure SDLC principlesExposure to SIEM platforms (Wazuh, Splunk, ELK)Bug bounty history, CTF participation, or open-source security contributionsCertifications: OSCP, GPEN, GCP Security, or equivalentWhy Join UsSmall security team = high ownership, fast decisions, and direct visibility to leadershipWork at the intersection of security and engineering, not siloed in a GRC functionCollaborate closely with SRE, NOC, SOC, and product engineering teamsShape how security engineering is practiced at one of adtech's most recognized platforms

Apply Now