Overview

Job Description

The New York Times is looking for an experienced and passionate software engineer with strong technical foundations, and expertise in building secure applications to join our Authentication team.

About the Role:

You will report to the Engineering Manager of the Authentication team as a Senior Software Engineer. The mission of our team is to provide a best-in-class authentication platform that enables the creation and continued access of millions of user accounts, as securely and as seamlessly as possible. You will lead the technical path of building a high-quality and scalable system used by millions of New York Times readers on a daily basis.

Responsibilities:

  • Provide expertise and recommendations on application security related matters.
  • Lead security oriented product features and infrastructure.
  • Design, implement, and support highly performant and scalable software.
  • Analyze logs and metrics to uncover attacker techniques and apply solutions to prevent them.
  • Find and address potential security vulnerabilities in our code.

About You:

You are an innovator in the Identity and Access Management space, who consistently explore opportunities to improve the authentication experiences of our customers. You are an experienced engineer who knows how to translate requirements and concerns from cross-functional stakeholders into pragmatic technical solutions, and deliver them to production. You enjoy building scalable and quality software through rigorous code reviews and automated testing in an iterative fashion. You are also proud of your attention to detail, sense of ownership and the quality of your work.

Qualifications:

  • 5+ years of strong experience developing mission-critical systems in a cloud environment. (Preferably in Go / Java / JavaScript)
  • In-depth knowledge of secure engineering concepts that can be applied to coding practices and code reviews.
  • Excellent understanding and experienced with common threat vectors, including strategies to detect, mitigate and prevent them.
  • Experienced with mitigating common web application vulnerabilities such as XSS, CSRF, SQLi, etc.
  • Knowledgeable in cloud infrastructure and technologies, including their security related trade-offs.
  • Familiar with Identity and Access Management (IAM) protocols and technologies such as OAuth, OpenID Connect, SSO, Session Management, etc.
  • Clear grasp of AuthN & AuthZ concepts.

Nice to have:

  • Technical security experience in cryptography, such as encryption, hashing, key management, TLS, etc.

The New York Times is committed to a diverse and inclusive workforce, one that reflects the varied global community we serve. Our journalism and the products we build in the service of that journalism greatly benefit from a range of perspectives, which can only come from diversity of all types, across our ranks, at all levels of the organization. Achieving true diversity and inclusion is the right thing to do. It is also the smart thing for our business. So we strongly encourage women, veterans, people with disabilities, people of color and gender nonconforming candidates to apply.

The New York Times Company is an Equal Opportunity Employer and does not discriminate on the basis of an individual’s sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The New York Times Company will consider qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local “Fair Chance” laws.