What to expect at MediaMint
We love people who define their surroundings and who are constantly looking to learn new things. We value honesty and integrity above all. We love people who are honest, self-aware and intent on bettering themselves each day. If you love growth - professional and personal, then MediaMint is most likely the place for you!
What do we do
MediaMint is an AI-powered Revenue Operations services company dedicated to accelerating innovation and revenue growth for platforms and publishers worldwide. Our mission is to enhance operational efficiency, scalability, customer satisfaction, and data-driven insights through advanced technology, automation, and AI capabilities. We serve industry leaders across AdTech, Consumer, CTV, Publishing, and Retail.
Job Description:
Were looking for a hands‐on Security Engineer who can blend application security, cloud security, and platform guardrails to protect a fast‐moving, multi‐tenant AI platform. Youll design and automate secure‐by‐default patterns, harden our Kubernetes and cloud stack, and embed security into the SDLC so engineers can ship quicklywith confidence.
What Youll Do:
- Secure SDLC & DevSecOps: Embed SAST/DAST/SCA, dependency & container scanning, SBOMs, and signed images (e.g., Cosign) into CI/CD (GitHub Actions / Jenkins).
- Define policy gates and practical risk‐based SLAs.
- Threat Modeling & Architecture: Lead threat models for agents, microservices, data flows, and AI/ML pipelines; advise on Zero‐Trust patterns, secure multi‐tenancy, and safe data sharing.
- Cloud Security (AWS/GCP/Azure): Design IAM least privilege (SCPs, ABAC/RBAC), network segmentation (VPCs, Security Groups, NACLs), WAF, KMS/HSM key management, secret rotation, and hardened baselines.
- Kubernetes & Container Security: Enforce admission controls/OPA, network policies, pod security, runtime protections (e.g., Falco), image provenance, secrets management (Vault/Cloud Secrets), and cost‐aware isolation for AI workloads.
- Data Protection & Privacy: Implement encryption in transit/at rest, tokenization/pseudonymization for PII, fine‐grained access controls, auditability, data retention, and secure sharing patterns.
- Identity & Access: Own SSO/OIDC/OAuth2, SAML, workload identity, service‐to‐service mTLS, and API auth/authorization for internal and customer‐facing services.
- Detection & Response: Build actionable detections (SIEM/SOAR such as Datadog/Splunk), tune alerts, lead incident response and blameless post‐mortems, and run tabletop exercises.
- Vulnerability & Posture Management: Operate CSPM/KSPM, IaC security (Terraform checks, drift detection), dependency management, and coordinated pentesting/bug‐bounty triage.
- Compliance Enablement: Partner with GRC to support SOC 2/ISO 27001 and privacy regimes (GDPR/DPDP). Automate evidence collection through controls‐as‐code.
- Developer Enablement: Build paved roads, reusable libraries, and secure templates; run a security champions program and office hours to multiply impact.
What You Must Bring:
- 5+ years in Product Security / Cloud Security / Platform Security for production systems.
- Proven expertise in one major cloud (AWS strongly preferred) and Kubernetes security at scale.
- Proficiency in Python (preferred) or Go/Bash for automation; strong Linux/networking fundamentals.
- Hands‐on with DevSecOps toolchains: SAST/DAST/SCA, container & IaC scanners, SBOMs,
- Sigstore/Cosign, OPA/Gatekeeper.
- Strong command of IAM, secrets management (Vault/SM), key management (KMS/HSM), and API security.
- Experience building detections and incident response runbooks with SIEM/SOAR.
- Clear, pragmatic communication with engineers and non‐technical stakeholders; bias for enablement over gatekeeping.
- At least one relevant certification is mandatory (e.g., AWS Security Specialty, Google Professional Cloud Security Engineer, CKS/CKA, CISSP, OSCP, GSEC, or HashiCorp/Terraform).
Bonus Points:
- Exposure to AI/ML security: supply‐chain risks for models/agents, prompt‐injection defenses, feature store governance, model packaging (MLflow/Kubeflow/Vertex AI).
- Experience with service mesh (Istio/Linkerd) mTLS, API gateways, or event‐driven architectures.
- Familiarity with AdTech/MarTech/RevOps domains and data privacy nuances.
- Contributions to security OSS, bug bounties, or published research.
About MediaMint
MediaMint is a global professional services firm specializing in digital marketing and consulting. We work with a broad spectrum of clients - from Fortune 500 to start-ups. Our mission is to provide strategic, operational and technical support that drives performance and delivers outstanding results for our clients. Our vision is to be the transformative operating partner for media and technology companies worldwide. We currently have 7 offices. Our headquarters is in Hyderabad and it is our main delivery and operations center. Our other offices are in San Francisco, New York, Spain, Canada, Mexico, Krakow (Poland) and Ilorin (Nigeria). MediaMint currently employs more than 3000+ dedicated professionals.
