Application Security Engineer

The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It's why we have a newsroom that's 1,700 strong and sends journalists to report on the ground from nearly 160 countries. It's why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it's why our business strategy centers on making journalism so good that it's worth paying for.

Note for US based roles: Any offer of employment is contingent on providing proof of Covid-19 vaccination prior to your start date, subject to approved medical and/or religious exemptions, in accordance with applicable law.

Job Description

The New York Times has a unique culture that guides us to do things differently. This allows development teams to focus on delivering software with velocity, but also means that the Information Security team constantly innovates to solve classic problems. Our team of architects, builders and breakers consider customer security and success our north star and aren't afraid of getting our hands dirty.

The Application Security Team helps the New York Times build secure applications. We do this by providing clear documentation and expectations for how to build and maintain applications securely, provide support to help development teams improve security of their applications, and monitor and report on the security of applications within the company. Our customers are primarily The New York Times product and technology teams that produce the software, tools and technology to empower the business. We build credibility not just by advising people but by being empathetic to people, paying attention to details, respecting ideas over egos, embracing change, and reducing the red tape by going the extra mile.

As an Application Security Engineer, you will -
  • Create and maintain documentation designed to help teams secure their applications
  • Help design and deliver educational trainings for development teams
  • Collaborate with other members of the security team to help the business design and build secure applications
  • Assist in managing the incoming requests for assistance from development teams
  • Participate in and support threat modeling sessions and architecture reviews
  • Help build, configure, and monitor security tools
  • Assist in security code reviews for a variety of languages and frameworks of web and mobile applications
  • Document technical issues identified during security reviews and assessments
  • Work with other security team members to assess the risk of identified vulnerabilities
  • Assist in the prioritization and remediation of identified vulnerabilities
  • Participate in application security periodic off-hours escalation rotation

You might have -
  • A love of breaking things and seeing how they work.
  • Foundation knowledge of application security, specifically knowledge of the OWASP Top 10 (2017 or 2021)
  • Ability to code in at least one language such as Go, Java, PHP, or Python
  • Experience working on a development team or building applications
  • Familiar with CI/CD pipelines and deployment processes
  • Some experience using cloud based services in AWS or GCP
  • Knowledge and understanding of Docker containers and Kubernetes
  • Love helping people and will go the extra mile for that
  • Excellent linguistic and communication skills

Why NYT?
  • Core mission is to seek truth and help people understand the world.
  • Our values are Independence, Integrity, Curiosity, Respect, Collaboration and Excellence.
  • Commitment to one's development through education, workshops and active engagement.
  • Exposure to a wide range of new, old and everything in-between technologies and languages.
  • We <3>


The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local "Fair Chance" laws.