Principal Security Engineer

Job Description

The New York Times is looking for an expert who's motivated to serve as Principal Security Engineer on the team that protects our systems, data, communications, journalists and sources.

Who are we?

Our team works to protect the news makers, their support staff and the platforms which they rely on every day. We oversee everything from analyzing malware and tracking threat actors to penetration testing and educating staff on modern threats.

Who are we looking for?

We want someone who has a passion for both information security and The Times' mission and a willingness to share your knowledge with others. In the Principal role, you will be looked to as an expert, mentor, and strategist. We need someone to join our team who can reprioritize based on the news cycle and current conditions. 2021 is a major news year, one where we are all part of the story; join us in securing The Times.

We are looking for a technically sound Principal Security Engineer to oversee the design, building, testing, and implementation of security systems within our products. The Principal Security Engineer's responsibilities include the ongoing review of current security measures, recommending enhancements, identifying areas of weakness and partnering with our development teams. We aim to provide context not control. You will also conduct regular system tests and ensure the monitoring of our cloud infrastructure. As a Principal Security Engineer you will report to the Director of Information Security.

Principal Security Engineer Duties
  • Create an environment that favors context not control. Empower engineers and ensure they have the relevant information and tools to provide secure products
  • Develop security partnerships with engineering teams that are aimed at driving holistic security improvements to reduce risk
  • Work with product and platform teams to ensure security baselines (agents, monitoring, configurations) are in place and extendable (by automation or established procedure) in all environments
  • Review current system security measures to recommend and implement enhancements that are customized to the current development and release environments to minimize friction
  • Partner with the Technology Risk Team to create an inventory of risk with business context
  • Establish disaster recovery procedures and conduct security incident response exercises
  • Propose incentivisation structures, training and working groups designed to identify and reward Security Champions throughout the organization

  • A Bachelor's or Associate's degree in IT, Computer Science, or related field.
  • Solid understanding of security protocols, cryptography, authentication, authorization and security
  • knowledge of one or more cloud platforms (AWS, GCP) and best practices for Engineering security and guardrails into those platforms
  • 5+ years experience automating deployments and configurations w/ infrastructure-as-code approaches (terraform, ci/cd, docker and orchestration approaches, etc)
  • knowledge of current technology risks and experience implementing security solutions
  • Ability to interact with a broad cross-section of personnel to explain security measure
  • A working knowledge of current technology risks, security implementations, and computer operating and software programs.

This role may require limited on-call hours. An on-call schedule will be determined when you join, taking into account team size and other variables.


The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local "Fair Chance" laws.