Senior Engineer, Cybersecurity
Listed on 2026-02-07
-
IT/Tech
Cybersecurity
The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination.
And it’s why our business strategy centers on making journalism so good that it’s worth paying for.
The Senior Engineer, Cybersecurity is a hands‑on contributor who designs, builds, and operates security controls and services that protect The Times' systems, data, and users. As a member of the Security Architecture team, you will own complex initiatives end‑to‑end, drive measurable risk reduction, and collaborate across product engineering and enterprise technology with technical depth, operational rigor, and clear communication aligned with business outcomes.
Cybersecurity helps prevent The Times from becoming news. Our teams work to protect the news makers, their support staff, the platforms they rely on everyday, as well as all of The Times' products and services, and our readers who consume them.
Responsibilities- Create an environment that favors context, not control. Empower product engineers and ensure they have the relevant information and tools to deliver secure products and services.
- Design, implement, and operate security controls and services (e.g., identity and access management, secrets management, endpoint/agent hardening, network segmentation, detection, and response automation) that meet reliability, security, scalability, and observability standards.
- Partner with product and platform teams to integrate security into architecture and developer workflows while articulating business impact and tradeoffs.
- Perform security reviews, threat modeling, and risk assessments (code, design, 3rd‑party apps).
- Investigate and resolve urgent and/or complex security issues, triaging effectively and driving architectural changes that prevent recurrence.
- Participate via RFCs, community of practices, and other internal knowledge sharing channels to share learnings, align on standards, and influence secure patterns across areas; model The Times' core values in cross‑functional collaboration.
- Support team growth through peer design/code review, pairing, and clear feedback.
- Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.
- This role reports to the Director of Engineering, Cybersecurity.
- 5+ years of experience in software engineering and/or security engineering space
- Understanding of security controls across a variety of security domains, including access management, encryption, vulnerability management, AI security, network security, authentication/authorization, etc
- Knowledge of one or more Cloud platforms (AWS, GCP) and best practices for architecting and securing
- Experience with software engineering practices (CI/CD, Git Ops, IaC, etc.) and related security practices (SAST, SCA, secure by design, shift left, etc.)
- Programming skills in at least one language (Go, Python)
- Experience with containerization and orchestration platforms
- Security/Compliance or Dev Ops certifications
- Experience with Kubernetes
- Experience with Terraform and Packer
- Experience with Hash Corp Vault
This role may require limited on‑call hours. An on‑call schedule will be determined when you join, taking into account team size and other variables.
REQ-019399
Compensation & BenefitsThe annual base pay range for this role is between:
$145,000 - $165,000 USD
For roles in the U.S., dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock. Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company‑matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs.
For roles outside of the…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).