The New York Times is looking for an Application Security Analyst with strong analytical, critical thinking and decision-making skills. As part of the Information Security Office, you will be responsible for performing code review and grey box testing, serving as a technical reference for developers and representing the InfoSec office on various initiatives. You will collaborate with colleagues across a variety of teams to architect and ship projects securely. Your work will have a direct, tangible impact on our ability to protect our data, communications, journalists and sources. You will also play an integral part in ensuring that we securely serve content to our subscribers.
What you’ll be doing:
Collaborating with engineers on the design and architecture of new systems.
Identifying gaps in existing security architecture and recommending improvements.
Helping implement security best practices as part of our CI/CD pipeline.
Participating in the implementation of a well-defined application security program.
Serving as part of an on-call rotation to provide off-hours support for critical security issues.
Participating in learning reviews following security incidents and delivering technical reports.
The culture at The Times is one of commitment to our brand. The Times blazes the way for journalism, and when you join us, you are part of something big.
A rich development environment that includes Node.js, Go, Swift and other languages.
A commitment to our staff. You’ll be encouraged to expand your breadth of knowledge through education, workshops and active engagement within the InfoSec community.
A security awareness program tailored to create a culture of security across all departments.
3+ years of relevant security experience.
Strong analytical, critical thinking and decision-making skills.
Fundamental understanding of web application architecture and cloud environments.
Fundamental understanding of common mobile and web application vulnerabilities.
Proficient in technical writing and able to communicate effectively.
You might also have:
Working knowledge in securing Node.js, Java, Go or Python applications.
An understanding of the OWASP testing methodology and knowledge of penetration testing tools.
Experience with Docker, Kubernetes or similar platforms.