As a member of the DevSecOps team, your day to day job would include evaluating the current Application environments, development procedures and evolving them to be more secure and compliant states. You will also be a part of a team responsible for building platforms that ensure that the various systems at The New York Times continue to operate in a reliable and efficient manner. This position reports to the Director of Security Architecture in the Information Security organization.
Who are we?
Information Security helps prevent The Times from becoming news.
Our team works to protect the news makers, their support staff and the platforms which they rely on every day as well as all of The Times products and services and our readers who consume them.
Create an environment that favors context not control. Empower engineers and ensures they have the relevant information and tools to deliver secure products and services
Create DevSecOps standard operating procedures and best practices
Identify nuanced vulnerabilities in CI/CD pipeline systems
Coordinate with customer teams to streamline code deployment process
Improve usability, efficiency, security, reliability, and performance of customer software development efforts
Develop mitigation strategies for keeping our customers safe
Develop comprehensive reports and presentations for our customers
Be part of a cross organizational team responsible for designing and promoting secure architectures and development practices.
Building secure environments with infrastructure as code principles
Provide mentoring and evangelize best practices to the product development teams.
Contribute to automating security principles and checkpoints into the CI/CD pipeline and containerization process
Analyze and harden existing infrastructure, automation, application coding and DevOps process
Collaborate effectively with other teams including Engineering leads, Compliance and product development teams to implement best practices, remediate vulnerabilities, educate employees, and keep the customer data safe.
Operating and being on-call for infrastructure such as Vault, Consul and Twistlock.
5+ years experience in development operations and/or security engineering space
Understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security and authentication
Knowledge of one or more cloud platforms (AWS, GCP) and best practices for architecting security and guardrails into those platforms
Good understanding of modern software development practices such as CI/CD and shifting security to left
Working experience with containerization and orchestration platforms
A bias towards helping people. Many teams will rely upon you for help to build their systems.
Nice to Have
Security/Compliance or DevOps certifications
Programming in Go/python on a production application
Experience with Terraform and Packer
Experience with Continuous Integration and Continuous Delivery techniques and tooling