Job Description

Job Description

The Director of Application Security will refine the program to look at our high-risk applications and develop a strategy on how often these are reassessed and what action would trigger a new assessment. We need someone that can walk in and put forth a strategy to get our engineers the training they need to make sure security is being thought about early in the SDLC. You will report to Director, Security Architecture and open to full-time remote

The Director of Application Security will take charge of our several applications security efforts and glue them into a cohesive program. This includes:

* Take a look at our bug bounty program and assessing how we can get the most value out.

* Look at the metrics we are collecting and determining if they are correct or if we need to pivot.

* Making sure the bug bounty efforts are staffed correctly and are maintainable.

* The Director of Application Security will push our vulnerability management program forward.

* We need someone to improve this process with an eye on lowering our time to resolution.

Who are we?

Information Security helps prevent The Times from becoming news.

Our team works to protect the news makers, their support staff and the platforms which they rely on every day as well as all of The Times products and services and our readers who consume them.

Responsibilities:

* You will lead and further develop the application security and vulnerability management teams

* You will inject security controls during the requirements phase to integrate security within the process.

* You will provide technical assistance and problem resolution for engineering activities

* You will lead team of Application Security Engineers, serving as solution architects for security projects

* You will investigate security incidents and report findings and recommendations for corrective action.

* You will share security concepts and goals with peers across the organization.

Whom this role will interact with:

Engineering Organization

* Vice President of Engineering

* Director of Engineering

* Engineering Managers

Project Management

* Associate Director of Project Management

Product Management

* Vice President of Product

* Director of Product Management

* Senior Product Manager

Some of the tech we use

Go, Bash, AWS, GCP, Terraform, Packer, Docker, Kubernetes, Vault, Consul, Drone, Checkmarx

LI-AM1

The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local Fair Chance laws.