Senior Application Security Engineer

Job Description

The New York Times has a unique culture that guides us to do things differently. This allows development teams to focus on delivering software with velocity, but also means that the Information Security team constantly innovates to solve classic problems. Our team of architects, builders and breakers consider customer security and success our north star and aren't afraid of getting our hands dirty.

The Application Security Team helps the New York Times build secure applications. We do this by providing clear documentation and expectations for how to build and maintain applications securely, provide support to help development teams improve security of their applications, and monitor and report on the security of applications within the company. Our customers are primarily The New York Times product and technology teams that produce the software, tools and technology to empower the business. We build credibility not just by advising people but by being empathetic to people, paying attention to details, respecting ideas over egos, embracing change, and reducing the red tape by going the extra mile.

As an Application Security Engineer, you will -
  • Create and maintain documentation designed to help teams secure their applications
  • Help design and deliver educational trainings for development teams
  • Collaborate with development teams to help them design and build secure applications
  • Guide product and technology teams to integrate security into their software development lifecycle
  • Assess the application threat landscape through threat modeling and architecture reviews
  • Drive the implementation of automated application vulnerability scanning tools including static code analysis
  • Conduct security code reviews for a variety of languages and frameworks of web and mobile applications
  • Document technical issues identified during security reviews and assessments
  • Provide technical expertise and collaborate within the security team to assess the risk of identified vulnerabilities
  • Assist in the prioritization and remediation of identified vulnerabilities
  • Participate in application security periodic off-hours escalation rotation


You might have -
  • Strong foundation and in-depth technical knowledge of application security
  • Working knowledge of Fortify, Checkmarx or similar static code analyzers
  • Ability to read code like a book and sniff out security bugs like typos
  • Proficiency to write code in Python as if it's child's play
  • Love helping people and will go the extra mile for that
  • Empathetic to the complexity of being a developer
  • Excellent linguistic and communication skills
  • Comfortable with public speaking and an ability to engage regularly w/ others
  • Excellent relationship-building and influencing skills
  • Have at least 3 years of relevant work experience


Why NYT?
  • Core mission is to seek truth and help people understand the world.
  • Our values are Independence, Integrity, Curiosity, Respect, Collaboration and Excellence.
  • Commitment to one's development through education, workshops and active engagement.
  • Exposure to a wide range of new, old and everything in-between technologies and languages.
  • We <3>


This role may require limited on-call hours. An on-call schedule will be determined when you join, taking into account team size and other variables.

The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local "Fair Chance" laws.