Senior Security Engineer
- 305 Main St, Redwood City, CA 94063, USA
PubMatic is a digital advertising technology company for premium content creators. The PubMatic platform empowers independent app developers and publishers to control and maximize their digital advertising businesses. PubMatic’s publisher-first approach enables advertisers to maximize ROI by reaching and engaging their target audiences in brand-safe, premium environments across ad formats and devices. Since 2006, PubMatic has created an efficient, global infrastructure and remains at the forefront of programmatic innovation. Headquartered in Redwood City, California, PubMatic operates 13 offices and nine data centers worldwide.
Within the Adtech environment, you have a deep understanding of the complex nature of security spanning infrastructure, applications and IT. You feel comfortable understanding security in the context of infrastructure, applications (java, open source tools). Does not hesitate digging into code to understand the subtle and obscure problems that can arise due to security vulnerabilities in the environment. You work with people, technical and non-technical alike, to understand security posture needed to help them understand, implement changes to address them.
You're a company resource, providing best practices, guidelines, and feedback around security. You have your finger on the pulse of security across the Ad platform internally as well as from what happens externally. You have a cool head under pressure. When a technical fire occurs, you understand that putting it out should always avoid collateral damage. When you cause a fire (as everyone inevitably does), you take responsibility for it and work with the team to figure out the right way to put that fire out. You believe blaming is a waste of time: when something goes wrong, you figure out why it happened and how to prevent it from happening again in the future. Better yet, you look for how things went right in the first place and improve upon those.
As a member of security team, you seek out feedback on your findings, designs and ideas and provide the same to others. You constantly ask 'What am I missing?' and 'How will this NOT work?' You don't shy away from what you don't know; you readily admit that you don't know everything, and use every resource available within and outside the company to learn what you need to know.
- Work closely with users, Network, Systems, CorpIT, Database, Big Data, Engineering and business teams to identify and resolve complex security issues
- Design, recommend, and implement security improvements by evaluating current systems and procedures, researching trends, and anticipating requirements
- Protect systems by defining access privileges, control structures, and resources
- Identify abnormalities, flag problems, and report violations
- Perform periodic system penetration testing
- Perform analysis and correlation of security events from multiple sources including but not limited to events from AV, network and host based intrusion detection systems, firewall logs, system logs (Linux, Windows, Mac), Domain Controller Logs and artifacts in hosted and collocated environments
- Perform regular vulnerability scans of environment and recommend prioritized remediation of vulnerabilities found
- Evaluate, recommend and lead the effort to implement a Data Loss Prevention solution
- Uncover security violations and inefficiencies by conducting and participating in IT audits
- Upgrade system by implementing and maintaining security controls
- Provide a quarterly report on the status of PubMatic physical, data, and application security; include recent improvements and future recommendations
- Create and update annual security strategy report
- Attend educational workshops and read industry publications to grow technical knowledge and stay current on trends as it pertains to AdTech environment
- Define, implement and maintain corporate security policies and procedures
- Acquire a complete understanding of a company’s technology and information systems
- Plan, research and design robust security architectures for any IT project
- Oversee security awareness programs and educational efforts
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Research security standards, security systems and authentication protocols
- 10-12+ years of IT and applications experience (5+ year of security experience preferred)
- B.S. in Computer Science OR equivalent technical experience
- Experience in Network Security, Information Security Policies, and Network Protocols
- Familiar with emerging technologies in the security monitoring, event correlation and alert/detection space
- Ability to correlate security events, system artifacts and IOCs and make accurate conclusions and timely remediation’s
- Exceptional customer service skill
- CISSP Certification
- GIAC Certifications (GSEC, GIAC, GMON, GCIH, GPEN, or GWAPT)
All your information will be kept confidential according to EEO guidelines.