The New York Times is committed to independent journalism and is seeking a Senior DevSecOps Engineer in Cybersecurity. This role involves designing, building, and operating security controls to protect their systems and data, while collaborating with product engineering and enterprise technology teams.
Responsibilities:
- Create an environment that favors context, not control. Empower product engineers and ensure they have the relevant information and tools to deliver secure products and services
- Design, implement, and operate security controls and services (e.g., identity and access management, secrets management, endpoint/agent hardening, network segmentation, detection, and response automation) that meet reliability, security, scalability, and observability standards
- Partner with product and platform teams to integrate security into architecture and developer workflows while articulating business impact and tradeoffs
- Perform security reviews, threat modeling, and risk assessments (code, design, 3rd-party apps)
- Investigate and resolve urgent and/or complex security issues, triaging effectively and driving architectural changes that prevent recurrence
- Participate via RFCs, communities of practice, and other internal knowledge-sharing channels to share learnings, align on standards, and influence secure patterns across areas; model The Times' core values in cross-functional collaboration
- Support team growth through peer design/code review, pairing, and clear feedback
- Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world
- This role reports to the Director of Engineering, Cybersecurity
Requirements:
- 5+ years of experience in the software engineering and/or security engineering space
- Understanding of security controls across a variety of security domains, including access management, encryption, vulnerability management, AI security, network security, authentication/authorization, etc
- Knowledge of one or more cloud platforms (AWS, GCP) and best practices for architecting and securing
- Experience with software engineering practices (CI/CD, GitOps, IaC, etc.) and related security practices (SAST, SCA, secure by design, shift left, etc.)
- Programming skills in at least one language (Go, Python)
- Experience with containerization and orchestration platforms
- Security/Compliance or DevOps certifications
- Experience with Kubernetes
- Experience with Terraform and Packer
- Experience with HashiCorp Vault